last executing test programs: 6.762981559s ago: executing program 2 (id=500): r0 = socket(0x2a, 0x2, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@gettfilter={0x24, 0x2e, 0x0, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xe, 0x5}, {0x8}, {0xb, 0xffe0}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000380)=@newtfilter={0x54, 0x2c, 0xd27, 0xffffffff, 0x0, {0x0, 0x0, 0x0, r1, {0x4, 0xffe0}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8847}, @TCA_FLOWER_KEY_MPLS_OPTS={0x18, 0x63, 0x0, 0x1, @TCA_FLOWER_KEY_MPLS_OPTS_LSE={0x14, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_MPLS_OPT_LSE_DEPTH={0x5, 0x1, 0x2}, @TCA_FLOWER_KEY_MPLS_OPT_LSE_TC={0x5}]}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x81}, 0x24000000) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0xfffffffffffffffc) 6.660230135s ago: executing program 2 (id=501): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x200000000000000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0x7000, 0x3, 0x8031, 0xffffffffffffffff, 0x80002) 6.637599781s ago: executing program 3 (id=502): r0 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x3f, @broadcast}}, 0x80, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0) set_mempolicy(0x8003, 0x0, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) syz_open_dev$vbi(0x0, 0x0, 0x2) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, 0x0, 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x9, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) bind$alg(r4, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB="69db2abd7000fcdbd7251000000076a557c07c61d71a1f6ce424f53dfd833836d53515d6a49c4ab1933a3ad0eb9a4d9e6513899a893a0c9501905fac6c0e7f59"], 0x14}, 0x1, 0x0, 0x0, 0x801}, 0x4004880) r7 = accept4(r4, 0x0, 0x0, 0x80000) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0) sendmmsg$unix(r7, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x9802}}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x299, 0x0) ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r8, 0xffffffffffffffff, 0x0) syz_usb_connect(0x0, 0x52, &(0x7f0000000040)=ANY=[@ANYBLOB="120100002598f110210494008e280102030109024000010000000009046d00000202"], 0x0) 5.11037088s ago: executing program 2 (id=508): recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000080)=ANY=[@ANYRESHEX=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x4265d78587a754bc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0x8000000000000000, 0x100000000, 0x9, 0x20, 0x2, 0x0, 0x2004cc, 0x8000002, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x4000000000000004, 0x767], 0xeeef0000}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000440)=[{0x20, 0x2, 0x81, 0xfffff034}]}, 0x10) pread64(0xffffffffffffffff, &(0x7f000001a240)=""/102400, 0x19000, 0x100008) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r2, &(0x7f0000000000)="d1", 0x1, 0x24004000, &(0x7f0000000100)={0xa, 0x4e24, 0x7f, @remote, 0x7}, 0x1c) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x10b200, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f00000006c0)="f3440fc7b729000000f20f5f0d00000080460f5ba4b07a000000470f38c9403736460fc7b10f240000660f3881078fa9189021da820001c0fef3440f0966b881000f00d8", 0x44}], 0xaaaabbc, 0x74, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000026c0)=[{{0x0, 0x0, 0x0}, 0xffffffc0}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, 0x0}, 0x4}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0x7}, {{0x0, 0x0, &(0x7f0000002680)}, 0x2}], 0x8, 0x100, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000012000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f00000000c0)="650f78309a0f000000ad000f01d10f5abff5b65d6466baf80cb8aa82c380ef66bafc0c66ed0f015d05b805000000b9ba0000000f01d9b9800000c00f3235004000000f3065660fd6b93b6800009a00100000ed00", 0x54}], 0x1, 0x1, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) (fail_nth: 2) gettid() ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000ec0)={0x8, 0x5, {0x401, @usage=0x9, 0x0, 0x3, 0x1b5f, 0x1, 0x9, 0x3, 0x82, @usage=0x9, 0x9, 0x3000, [0x5, 0x0, 0x3, 0x5, 0x13f, 0x2]}, {0x40, @usage=0xa, 0x0, 0x100000001, 0x4bcd, 0x1000, 0x7, 0x1, 0x400, @usage, 0x5, 0x0, [0x80000001, 0x1, 0x4, 0x1, 0x2, 0x8]}, {0x6, @struct={0x12, 0x5}, 0x0, 0x7, 0x4, 0x5ced, 0x2, 0xa0, 0x4c, @struct={0x7, 0x1}, 0x7ff, 0x0, [0x3, 0x4, 0xfffffffeffffffff, 0x800, 0x1ff, 0x401]}, {0x0, 0x5, 0x41d}}) ioctl$BTRFS_IOC_DEV_REPLACE(r2, 0xca289435, &(0x7f0000000480)={0x0, 0x4, @start={r6, 0x1, "151f972555023b3799d87bd6d9a6f3a7695888e8a76e26eb20b44d718a3b864f0d5b6b412a69bada8c2ce3edc6b54d446c70aa3496ef981c6e1ff47830212525894b8e93b6003a3af894b2b8bc42349169c8bc61ce898cf309f3017fac95ac4d53f4a384712a29ae1484749958d02c394039e1ca5a81ce214d39b3c1c037f87ce99be567945e9b82c70a4f4006fdd6a0e5b8726f2b59c9db3cc2cd6fb7a109102dc0164d05cc46947b7009c0ebfbad892a9d93c50e6c55dc04be1abc001cd8210c9c8c7d5d0eb2bbe7cf289df961ee74460f20f0a091f7c9c37eb81c86b7a8b99a555b668cdf541d1b7bbf3fd9594468387d53573186dae5fcb9979e603be40494d05a61dfc2466c24c6316eb0c669334ed4105398f9c9e767d82f350052e8c20739b790ae8effb53afa01e131770ffdc065d2d0975ab994af62bdcd8864862ee22f9075c6d8c8223b91b6f8d6748af2921c4c2c5bb9a200fc48cebe27c94cf050591ad14bdd521b42e3a1db7fbf690930cbb02f5804c1c6dc9bb4245788bd8c8405c20ed134d435fedeab4273983d37ab8dbc386ab21552940e463d221f5c080cfb56084d56cdae0c2bd12badfd6eb5c66a1f994502506e853bfe7958179f505ff08392f07b32d8f18061bef8b890ed098f08f9dadb8fafff1c82462d0f87912c38e84130f0de4d3449bae9b4e4adb3a18b23039f1bbe0b8c55b282ad5c3be2909cfe13e90e066d417a67baf5d60578abb6933a52f907e1a2593a2dcfaf4fb728cad5ef45556f4807b42a771ae977b62bfb3e5d5311de583bcd225d1cbfca7b7e849e1c1a822be684fcce3396ba5dc27a053b662bdfe08d1b22faffc3653ea0112942a12e96f13bd8771fa8641b71b648d842c24072c973d08f552b17060e76649c0ddb9913df4ef2c0897bdaa5cd2afd2e3958fe6a514255f356db6499bec7833a217238a4ec0de646c7038057b1c6d1c95d2592da49d7a10eaa7ec05a4ac1aa69ef90c46fb164f3f9d5564a8550df8a40bade13be9d7f11a44121f6f0347988eff79d57755d56b94f5d894303b06d499fa8149af9cc1a1002b8718abdf4da74b7d828d0e6af397b96159e7e5be5668023610d7f3eea0a2b5c3668d6cef711153734f14904b4eeb1cbf7338ebe2496c749ba76813c1f32c6c0d0b12ec2a2120b8762cb3da72efad3fa0dfcb6602703f9d1dbd0a2f56727a01c9a2e6f7abff192d5671b28724b05534c91aac52c988c75227cda9af87e581308ac1ffa4cdd79efff68f0503f28046dd17187a32704cfdc376ca53652a88fb0af8d11e061d3b0598da40031c68c8cd30beb2d4fef8b50e4cf667c2cdaa4e956b505efcdcc470120ec9ba903e5f58cba42ea2a3d2a637b8d5b99479585358effa71e2cdf0712d5e44d4f8b13e8f49b5ebce7b5ba3327df074427624f6cc7f265008c80a8a00cbc69", "6a68a8d946e12d656ef973ba4593511e2b205435757a106eb51dab445604b65188b116db8a8c1a2f2067bb01a11e300ecdd8b4b30b33112443164f51cfb08bea665f89537c80aa8496dc76449d2f8b02e6fcb3bb4f867dba58f242b8a0f7e4c4dea862a9a107d68f0574f36aa8260fb9152f53ee5e8e7a615a15e4c1564a12c1300a40860d3e80c608720309752d5dbc012f9763d1902f8d466ea283537a54872761392c8b7ee323cc3d234db595f4cfe01154a7afcd0baf938e909d79267095131e157d61755d690a3e828fda62aedb1bcc58c51c0f6e01314ca0c7179a36335b74d4274e8922f9d2ad310f041ea54df5642a498fb5984c4f78fbab1a28b75f063c7aad392c040cd75a66de86c6c639d0b33f49e7f05feebfb9ba1d243424158ddd85472f4ad15af306fd368510e2ca1025312880ccad101f55e144f199bb87832a2e6d0368bd5428f38399f077c426e4337a995634f234428ab6eafc76585be895352f516425fb153d58c2db01046403c9b38d05d870ad5efd8608a1dc1758bec91e05b956c1081f7eabac0a11c093fd4f3c0746def0af89ab840f91d7f89a6430296b5ede8ce5ee6e719b552e4af67c8f88d94825ad529d8b2eb5221db01c412c16a8f44078d0db2b1a05bff5000b8d927629850e9457b6e8b7728f4253fe1a44d1c5978d971229361b7cff84406c86030484d7dc9a025aa55d8a9da81fd71482f0fe557be2e83bdac8e07a80a5e339ab26d0633e1bd1d81f5c86ca2170c91ec640fa8cd11a9d1822354778be7cb99bc36b85ef4e77b16105dbe183d59cf6b205c18fe4688267444735e88818fb0bf44b1c936e8fe866f434afec39976d2e8e8c0dc07b839a612db545fc7d4e95837c3dcaaaa961d3da19c182afc791538d161aa53e191f0790141aff2727d1ebe530727d2a38cb7a051f6ed07a5c95fb27f287a3b988f163878bfff0223e1cdade9717eb78f2db99e4d8302711933af3299fde382ae11fb5b2c791f5d7db32d6c54c951b75366ea1d3e5bfec7150d1b73015cd18846705d49dcab9f12d9fedff542eb2a7a255c61ade80cbb96ef7530c67cdbf2f8f03baff66407df3131f9178ffe8692a9fcc602a7576cc784106eb15b9014f288746c0a725105baf36e979fc8c96778b5c0afbd34ce9b8ea4de2aff1d72e6feaba0e1147495e9315df002923925adc4f50447db4d1e03ff24f113f7801486ef955bf729bc0c05b1236b300d13de2cdd6f5b0db71591be8d26a31a16323610184faf57bbbc6e116f708c0a95b64b34742250ac73027e6f55ef0c0e2596f0f5fe08092f520a2f8a307c0f120bbe05b6c21f9ed7a26a51242e9ed999678c374cc463ddd17d7ae2231f30313989ef6f2536b3e0251cc13b04d9996b3f38a958f6b9ad5ccf877c052916bf7821164b58052d55f6258b45e494fc9830598886385"}, [0x8, 0x6, 0x3, 0x4, 0x2, 0x2, 0x0, 0x4, 0x8000, 0x10001, 0x400, 0x7, 0x7, 0xfffffffffffffffd, 0x6, 0x6, 0x8, 0x9, 0xb, 0x81, 0xf393, 0xfffffffffffffff8, 0x8000, 0x2, 0x80000001, 0x1, 0x0, 0x8, 0x3, 0x8000000000000000, 0x1, 0xe522, 0x2, 0x10, 0x5, 0x0, 0xe6, 0xa, 0xffff, 0x8, 0x400, 0x8, 0x6, 0x7, 0x8, 0x7, 0x5, 0xa4fa, 0x5, 0x4, 0x0, 0x100, 0x6, 0x0, 0x3ff, 0x8, 0x3, 0x800, 0x7, 0x1, 0x994, 0x2, 0x7, 0x7ff]}) shutdown(r2, 0x1) 5.065115095s ago: executing program 3 (id=509): r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000100)={0x0, 0x0, @ioapic={0x4000, 0x8, 0x0, 0xfffffffe, 0x0, [{0x8, 0x9, 0x7b, '\x00', 0x1c}, {0x4c, 0x0, 0xd, '\x00', 0x81}, {0xe, 0xf7, 0xfd, '\x00', 0x5}, {0x8e, 0x3, 0x1, '\x00', 0x6}, {0x8, 0x0, 0x8, '\x00', 0x7}, {0xa, 0x5, 0x0, '\x00', 0x5}, {0x6, 0xf, 0x40, '\x00', 0x5}, {0x2, 0x8, 0xfd, '\x00', 0x66}, {0x1, 0x62, 0xe, '\x00', 0x8}, {0x0, 0x8, 0x8c, '\x00', 0x10}, {0x2, 0x7, 0x3}, {0xb, 0x0, 0x5, '\x00', 0x3}, {0xa, 0x2, 0x10, '\x00', 0xe}, {0x80, 0x2, 0x9}, {0x3, 0xf, 0x1, '\x00', 0x9}, {0x5e, 0x9, 0xba, '\x00', 0xef}, {0xf1, 0xf8, 0x5, '\x00', 0x81}, {0x10, 0x0, 0xc, '\x00', 0xf0}, {0x5, 0x6, 0x1, '\x00', 0x2}, {0x3, 0x94, 0x6, '\x00', 0x7}, {0x85, 0x8, 0x3, '\x00', 0x6}, {0x6b, 0x8, 0x10, '\x00', 0x6}, {0xfe, 0x6, 0x8, '\x00', 0xba}, {0x9, 0x81, 0xd, '\x00', 0x2}]}}) r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x4e20, 0x1, @dev={0xfe, 0x80, '\x00', 0x11}, 0x5}, 0x1c) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r4, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000}, 0x4010040) close(r4) close(r3) syz_usb_connect(0x1, 0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010003b1fe9208151403005d65010203010902120000000000000904000000d3a53e00"], &(0x7f0000000e80)={0x0, 0x0, 0xf, &(0x7f0000000b80)=ANY=[@ANYBLOB="050f0f00010c10"], 0x1, [{0x0, 0x0}]}) r5 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r5, 0x402, 0x8000003d) unshare(0x24020400) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) writev(r6, &(0x7f0000000000)=[{&(0x7f0000000cc0)="e1", 0x5603d}], 0x1) mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0) open(&(0x7f00000002c0)='./bus\x00', 0x60102, 0x0) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r7 = openat$kvm(0xffffffffffffff9c, 0x0, 0x141800, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r8, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0x5}) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2) r9 = eventfd2(0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000000)={r9, 0x0, 0x2}) socketpair$unix(0x1, 0x6, 0x0, &(0x7f0000000180)) dup3(r0, r1, 0x0) r10 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r10, &(0x7f0000000280)='.request_key_auth\x00', &(0x7f00000002c0)=@secondary) 4.748118665s ago: executing program 0 (id=511): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, 0x0) openat$rfkill(0xffffff9c, &(0x7f0000000040), 0x182, 0x0) syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') r1 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x400, 0x0, 0x379}, &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x47ba, 0x3e82, 0x60, 0x0, 0xa7ff) openat$nci(0xffffff9c, &(0x7f0000000080), 0x2, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000200)=ANY=[@ANYBLOB='c'], 0xb) 4.196193296s ago: executing program 2 (id=513): r0 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x20181, 0x0) unshare(0x68040200) mmap(&(0x7f000046d000/0x1000)=nil, 0x1000, 0x2000007, 0x8010, r0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r3, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, 0x0, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r3, 0x3ba0, &(0x7f0000000280)={0x48, 0x12, r4}) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000900), 0x10, 0x0) 4.168773972s ago: executing program 0 (id=514): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000006040), r0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug', 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$inet6(0xa, 0x3, 0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0xd, 0x0, 0x6, 0xfa11, 0xfff7ffff}, 0x0) r5 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000040)}) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000140), 0x8, 0x40) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/stat\x00', 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0xd05c3, 0x0) pwritev2(r5, &(0x7f0000000400)=[{&(0x7f0000000240)="da29521120727b1d8a449a879c31b9364d91a6e42ea5337f68686884", 0x1c}], 0x1, 0x4, 0x0, 0x4a) ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f00000002c0)={r7, 0x0, {0x2a00, 0x80010000, 0x0, 0x6, 0x8b22, 0x0, 0x0, 0x16, 0x11, "fee8a2ab78fc979fd1e00d96072000000ba89de2b7fb0000e6a180b8785d960001000000000041eb8109af00", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f422741b13103e52f400003fe2000000000000000000000000000000002000", [0x0, 0x2000000000001]}}) ioctl$LOOP_CHANGE_FD(r6, 0x4c06, r7) ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f00000005c0)={r7, 0x1ff, {0x0, 0x0, 0x0, 0x6, 0x9a5, 0x0, 0x0, 0x2, 0xc, "9f76d16b39ed8553c9a455a2d3f61f34dc4218026eba7e961cc6389be9c783e61c64ba45dd9acd2526b7bf853e9431ed58b008e855fa229d2f55a1eef5fb0c15", "ffb39190bdcb69070000000000845ff0501f48aa25b7f4fbcdfd940548274be7c8f600006000fd65bea100000000e3ffffff00", "68a4521672630ef5bb1600000000000092d267eddbc80000004000", [0x383a40da, 0x7fffffff]}}) sendmmsg(r2, 0x0, 0x0, 0x4000000) open(0x0, 0x143bc2, 0x1c0) openat$nvram(0xffffffffffffff9c, &(0x7f00000001c0), 0x107b43, 0x0) r8 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000440)='/proc/asound/card1/oss_mixer\x00', 0x80880, 0x0) fcntl$setlease(r8, 0x400, 0x2) syz_open_dev$dmmidi(&(0x7f0000000000), 0x2, 0x10080) syz_usb_connect(0x3, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="120100003d8acc089c0e901b0083d3c0e9bc09021b0001000000000904"], 0x0) fcntl$notify(r1, 0x402, 0x8) 3.826332019s ago: executing program 1 (id=515): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@setlink={0x58, 0x13, 0x1, 0x70bd26, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, 0x1000, 0x42400}, [@IFLA_XDP={0x2c, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}, @IFLA_XDP_FD={0x8}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x1}, @IFLA_XDP_EXPECTED_FD={0x6}, @IFLA_XDP_FD={0x8}]}, @IFLA_ADDRESS={0xa, 0x1, @local}]}, 0x58}, 0x1, 0x0, 0x0, 0x20010891}, 0x20040040) setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000000)=0x220100, 0x4) (async) setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000000)=0x220100, 0x4) 3.630283638s ago: executing program 4 (id=516): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x40ead000) madvise(&(0x7f0000130000/0xd000)=nil, 0xd000, 0x66) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) syz_clone3(&(0x7f00000001c0)={0x2000000, 0x0, 0x0, 0x0, {0x1f}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, 0x0, &(0x7f00000001c0)=0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0) r3 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r3, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10, 0x0}, 0x3000c085) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='memory.stat\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x3e, &(0x7f0000000100)=r4, 0x4) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x7c, 0x4, @fd, 0xb, &(0x7f0000000380)}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) splice(r1, &(0x7f0000000000)=0x7d, r1, &(0x7f0000000040)=0x5, 0x7ff, 0x0) 2.775809412s ago: executing program 1 (id=517): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000bc0)=@delchain={0x1e8, 0x65, 0x2, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x1}, {0x0, 0xd}, {0xffe0, 0xd}}, [@filter_kind_options=@f_flower={{0xb}, {0x50, 0x2, [@TCA_FLOWER_KEY_CVLAN_ID={0x6, 0x4d, 0xfa7}, @TCA_FLOWER_KEY_CT_ZONE={0x6, 0x5d, 0x7ff}, @TCA_FLOWER_KEY_ICMPV4_CODE_MASK={0x5}, @TCA_FLOWER_KEY_ARP_SIP_MASK={0x8, 0x3a, 0xffffffff}, @TCA_FLOWER_KEY_IPV6_SRC_MASK={0x14, 0xf, [0xff000000, 0x0, 0xffffffff, 0xffffff00]}, @TCA_FLOWER_KEY_SCTP_DST_MASK={0x6}, @TCA_FLOWER_KEY_ICMPV6_TYPE={0x5}, @TCA_FLOWER_KEY_MPLS_LABEL={0x8, 0x46, 0xa1}]}}, @TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0x158, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_ACT={0x64, 0x1, [@m_mirred={0x60, 0x5, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0xcdf, 0xffffffff, 0x10000000, 0x2, 0xfffff001}, 0x4}}]}, {0x11, 0x6, "d527360c37d81b077c369a3b45"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x4}}}}]}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x3}, @TCA_BPF_ACT={0xe0, 0x1, [@m_skbedit={0xdc, 0x2, 0x0, 0x0, {{0xc}, {0x4}, {0xae, 0x6, "ebf4de38465b5dccbe6f251bbe8231a02391528515292a7df50c629d5e076f547da3b0bf101ff53e8aad71113bc3b097acc132ea693c2013c61a9e8871a74cc80c52fac8a9541005a28417ff56ab7efcbccbdf841397b5c623c5e8f7b6056662be480a8c070d682b84115e21f174dcf4a2fe78a84b6c3e90ef5fe0420af884902d960dff2c5b95fc2fe8994aee53a0b059913776c84aab5e6d60d5dbd05b3237e838e32edd6ec95e93f5"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}]}}]}, 0x1e8}}, 0x20000080) r0 = socket(0x10, 0x803, 0x0) r1 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000340)={0xf0f03f, 0x6e}) socket$inet_udp(0x2, 0x2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000140)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) ioctl$USBDEVFS_REAPURBNDELAY(0xffffffffffffffff, 0x4004550c, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000b80)={'macvlan0\x00', &(0x7f0000000a80)=@ethtool_drvinfo={0x3, "7afdff9ea91ccd75067284b4ec745d41b5fc567e6b0c5e218093888bc57d1b06", "44d03590cba41878e4940497e8e6587981251df7c01617fa24d4094dcd378ab3", "578832e36fbadc5c79ae09b32b71c2324154cd33a79bfd8e585e1604239b374f", "ca8a99cb2c837bcb144110ff19e5e5717a731cce9cdcddf43cddfba4802c1a4c", "f8671db4bafedcc2f4b64a141d8da355c1d6187eaf838b775544a5e1418db403", "b0f4214db127631d6e52fe74", 0x8000, 0x5, 0x2, 0x5, 0x9}}) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r5 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r5, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, &(0x7f00000002c0)={0x48, 0x7, r2, 0x0, 0x10000, 0x0, 0x3, 0x2ca584, 0x27158b}) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) sendmmsg$inet6(r5, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000200), 0x40180, 0x0) read$FUSE(r6, &(0x7f0000004300)={0x2020}, 0x2020) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f0000000000)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f00000021c0)=""/4098, 0x1002}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x2040000, &(0x7f0000003700)={0x77359400}) 2.623333197s ago: executing program 3 (id=518): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$DCCPDIAG_GETSOCK(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x4c, 0x12, 0x101, 0x1000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x0, [0x0, 0x0, 0x0, 0x2000000], [0x0, 0x0, 0x9], 0x0, [0x40000000]}, 0x400}}, 0x4c}}, 0x0) 2.413446234s ago: executing program 1 (id=519): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000180)=0x3) ioctl$PPPIOCSMAXCID(r2, 0x40047451, &(0x7f0000000200)=0x8) pwritev(r2, &(0x7f0000000040)=[{&(0x7f0000000240)='\x00!', 0x2}], 0x1, 0x73a, 0x1) r3 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000f821fdaf6e10ae526c2fd2c0d2c66f99558e4b235ebf8938c886b9cca3520f1974b140c9cb4af3c8d1af4bb09225888a8aae394ea1284fe9f687b50ac6bf023f006644b433c7c890744f6c93469fa485ae35e780c5e8dc334ea96cc7f35463891cb59f", @ANYRES32=r1, @ANYBLOB="000000001000000004001a"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r7, &(0x7f0000000300)={0xa, 0x3, 0x8, @loopback, 0xfffffffe}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f0000000540), 0x3c) setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x1, &(0x7f0000000000)=@gcm_256={{0x303}, "41328ac34a4ad2ba", "e8582491a0c4050000000000f6542a9b6800000000000000003967d2daa45b4e", "61241765", "89b06aff130000fd"}, 0x38) sendmsg$inet(r7, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=[@ip_tos_int={{0x14, 0x11a, 0x1, 0x8}}], 0x18}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r5, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r8, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c09d000560333"], 0x398}}, 0x0) sendmsg$NL80211_CMD_GET_WIPHY(r3, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0x20, r5, 0x2, 0x70bd27, 0x25dfdbff, {{}, {@void, @void, @val={0xc, 0x99, {0x79, 0x2f}}}}, ["", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000010}, 0x240200c0) 2.363941075s ago: executing program 3 (id=520): r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$SO_TIMESTAMPING(r2, 0x1, 0x4a, 0x0, &(0x7f0000000040)) bind$can_raw(r0, &(0x7f0000000240)={0x1d, r1}, 0x10) syz_usb_connect(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000a72b7a104c05e102c8e201020301090224000100000000090471020216fa1f000905e702100000fa0009058202"], 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.stat\x00', 0x275a, 0x0) write$FUSE_INIT(r3, &(0x7f0000000140)={0x50, 0xb, 0x0, {0x7, 0x29, 0xfefffffa, 0x4048388c, 0x4, 0x80, 0x5, 0x41, 0x0, 0x0, 0x100, 0x3000b}}, 0x50) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) statx(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x2000, 0x800, 0x0) read$FUSE(r4, &(0x7f0000006380)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r4, &(0x7f0000001200)={0x50, 0x0, r5, {0x7, 0x2b, 0x3, 0x200c0400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}}, 0x50) read$FUSE(r4, &(0x7f0000004340)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r4, &(0x7f0000000200)={0x10, 0xffffffffffffffda, r6}, 0x10) socket$igmp6(0xa, 0x3, 0x2) setsockopt$MRT6_INIT(r3, 0x29, 0xc8, &(0x7f0000000080), 0x4) sendfile(r0, r3, &(0x7f0000000040)=0x11, 0x1000) ioctl$VIDIOC_SUBDEV_G_CROP(r3, 0xc038563b, &(0x7f0000000100)={0x0, 0x0, {0x5, 0x4, 0x8, 0x5}}) syz_usb_connect(0x0, 0x52, &(0x7f0000000280)=ANY=[@ANYRES64=r3, @ANYRESHEX=r1, @ANYRESHEX=r1, @ANYRESHEX=0x0, @ANYRES16=r3, @ANYRES32=0x0, @ANYRES16, @ANYRES16=r1, @ANYRES16=r2, @ANYRES32], 0x0) syz_open_dev$media(&(0x7f0000000200), 0x33b, 0x4000) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'nr0\x00', 0x200}) 2.015953464s ago: executing program 1 (id=521): openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1000000000f, 0x400100) r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x6}) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x20400) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000340)={0xda2, 0x8166, 0x7}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000200)={0x200, 0x1fb, 0xc38}) r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000340)={0x8, 0x8169, 0x6}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000280)={0x40, 0x403, 0xc}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r7 = socket$inet6(0xa, 0x3, 0x87) setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@remote, @in=@loopback, 0xfffd, 0x0, 0x4e20, 0x0, 0x2}, {0x0, 0x4, 0x1, 0x0, 0x0, 0x9}, {0x1ff, 0xffffffffe, 0x4053e5, 0x20}, 0x6, 0x1, 0x1, 0x0, 0x2, 0x2}, {{@in=@empty, 0x1, 0x32}, 0xa, @in6=@private0, 0x3502, 0x1, 0x0, 0x0, 0x400, 0xfffffffd}}, 0xe8) connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, 0x9df}, 0x1c) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) syz_open_dev$video(&(0x7f0000000140), 0xd, 0x0) openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r9 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r9, &(0x7f0000000880)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0) sendmmsg$inet_sctp(r9, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000240)=[{0x0, 0x300}, {&(0x7f0000000300)="359cb6", 0x3}], 0x2, &(0x7f0000000000)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000c000400"/44, @ANYRES32=0x0], 0x30}], 0x1, 0x0) 1.960303407s ago: executing program 2 (id=522): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)={0x38, r2, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xfd}]}, 0x38}, 0x1, 0x0, 0x1000000, 0x4010}, 0x0) 1.824060864s ago: executing program 2 (id=523): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="1201000000000040c41090ea00000000000109022400010000002009040000010300000009210000000122070009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000500)={0x2c, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="2001d4"], 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000540)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="20010e"], 0x0}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x40800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r1, 0xc058534f, &(0x7f0000002380)={{}, 0x0, 0x0, 0x2, {0x4, 0x1}, 0x3, 0x800}) syz_usb_control_io(r0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) r2 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_SMBUS(r2, 0x720, &(0x7f0000000180)={0x0, 0x5, 0x5, &(0x7f0000000240)={0x22, "a52422ffd60775c221c4031d467d6648a97569b7d4c1492d050600000000ff0800"}}) 1.693382516s ago: executing program 4 (id=524): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={{0x14, 0x10, 0x1, 0x0, 0xf5}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800) 1.567318999s ago: executing program 4 (id=525): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = memfd_create(&(0x7f00000001c0)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\v\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\xd5)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0) execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback={0x9000000}}, 0x1c) 1.388095662s ago: executing program 4 (id=526): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x8a002, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000002c0)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000020000002c0004802800018007000100637400001c00"], 0x80}}, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r2, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x700, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0xfd6c) 1.188783376s ago: executing program 4 (id=527): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), r0) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002ebd7000000000001400000018000180140002006e657464657673696d3000000000000005000b000100000008000d000d000000080009000900000008000a"], 0x4c}}, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x2c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}, @NL80211_ATTR_4ADDR={0x5}]}, 0x2c}}, 0x0) 1.084204941s ago: executing program 4 (id=528): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, 0xffffffffffffffff, 0x2000) r2 = io_uring_setup(0x191a, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) msgrcv(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1000) msgsnd(0x0, &(0x7f0000000340)=ANY=[], 0xf1, 0x800) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, 0x0, 0x4000000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) r3 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000500)=@ethtool_pauseparam={0x13, 0x8, 0x101, 0x17}}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000"], 0x7c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000809) sendmsg$NFT_BATCH(r5, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x4804) sendmsg$NFT_BATCH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[], 0x74}}, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) r6 = fsopen(&(0x7f0000000300)='btrfs\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r6, 0x2, &(0x7f0000000080)='discard', &(0x7f0000000200)='\t', 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000003000000000000000000000009700c0ffffffffff95"], &(0x7f00000002c0)='GPL\x00', 0xf}, 0x94) syz_emit_ethernet(0x4a, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86cd608a37f200142c01fe800000000000000003000000ca00bbfe800000001ac21b7c000000000000aa11000005ab2b353fbde8980be8fc3c825b3d4435d7a3dbd40c8c9a5a9f79686474f8907679f7fad9a831dfe8b3aec643e4008cfc759763ba1109529864967d69892b1718d8a32154f4de1391de0b3bf5670b8ac16ce583931d0763e1acaf330ea98a48bcd5aa872d8280e7dae1ad456ac47f2de9e4aad52aae49d911b7acf4d8db0a62924f8443f4b204469698295c877c08dc5b3f58c42efe0000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000990780000"], 0x0) 767.102428ms ago: executing program 1 (id=529): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000bc0)=@delchain={0x1e8, 0x65, 0x2, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x1}, {0x0, 0xd}, {0xffe0, 0xd}}, [@filter_kind_options=@f_flower={{0xb}, {0x50, 0x2, [@TCA_FLOWER_KEY_CVLAN_ID={0x6, 0x4d, 0xfa7}, @TCA_FLOWER_KEY_CT_ZONE={0x6, 0x5d, 0x7ff}, @TCA_FLOWER_KEY_ICMPV4_CODE_MASK={0x5}, @TCA_FLOWER_KEY_ARP_SIP_MASK={0x8, 0x3a, 0xffffffff}, @TCA_FLOWER_KEY_IPV6_SRC_MASK={0x14, 0xf, [0xff000000, 0x0, 0xffffffff, 0xffffff00]}, @TCA_FLOWER_KEY_SCTP_DST_MASK={0x6}, @TCA_FLOWER_KEY_ICMPV6_TYPE={0x5}, @TCA_FLOWER_KEY_MPLS_LABEL={0x8, 0x46, 0xa1}]}}, @TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0x158, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_ACT={0x64, 0x1, [@m_mirred={0x60, 0x5, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0xcdf, 0xffffffff, 0x10000000, 0x2, 0xfffff001}, 0x4}}]}, {0x11, 0x6, "d527360c37d81b077c369a3b45"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x4}}}}]}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x3}, @TCA_BPF_ACT={0xe0, 0x1, [@m_skbedit={0xdc, 0x2, 0x0, 0x0, {{0xc}, {0x4}, {0xae, 0x6, "ebf4de38465b5dccbe6f251bbe8231a02391528515292a7df50c629d5e076f547da3b0bf101ff53e8aad71113bc3b097acc132ea693c2013c61a9e8871a74cc80c52fac8a9541005a28417ff56ab7efcbccbdf841397b5c623c5e8f7b6056662be480a8c070d682b84115e21f174dcf4a2fe78a84b6c3e90ef5fe0420af884902d960dff2c5b95fc2fe8994aee53a0b059913776c84aab5e6d60d5dbd05b3237e838e32edd6ec95e93f5"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}]}}]}, 0x1e8}}, 0x20000080) r0 = socket(0x10, 0x803, 0x0) r1 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000340)={0xf0f03f, 0x6e}) socket$inet_udp(0x2, 0x2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000140)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) ioctl$USBDEVFS_REAPURBNDELAY(0xffffffffffffffff, 0x4004550c, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000b80)={'macvlan0\x00', &(0x7f0000000a80)=@ethtool_drvinfo={0x3, "7afdff9ea91ccd75067284b4ec745d41b5fc567e6b0c5e218093888bc57d1b06", "44d03590cba41878e4940497e8e6587981251df7c01617fa24d4094dcd378ab3", "578832e36fbadc5c79ae09b32b71c2324154cd33a79bfd8e585e1604239b374f", "ca8a99cb2c837bcb144110ff19e5e5717a731cce9cdcddf43cddfba4802c1a4c", "f8671db4bafedcc2f4b64a141d8da355c1d6187eaf838b775544a5e1418db403", "b0f4214db127631d6e52fe74", 0x8000, 0x5, 0x2, 0x5, 0x9}}) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r5 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r5, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, &(0x7f00000002c0)={0x48, 0x7, r2, 0x0, 0x10000, 0x0, 0x3, 0x2ca584, 0x27158b}) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) sendmmsg$inet6(r5, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000200), 0x40180, 0x0) read$FUSE(r6, &(0x7f0000004300)={0x2020}, 0x2020) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f0000000000)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f00000021c0)=""/4098, 0x1002}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x2040000, &(0x7f0000003700)={0x77359400}) 689.969475ms ago: executing program 0 (id=530): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0500002100000018b5408e00000008000300", @ANYRES32=r2], 0x24}}, 0x0) 546.272341ms ago: executing program 3 (id=531): r0 = memfd_create(&(0x7f0000001cc0)='\vem\xda\x99R@m\xfc\xfe\x9b#*\xff\x91g4\xf9\x18\x16\xdeaG\xd2\"\xb3gh ;\xd8\xfa\x9b\xf3\xf8\xfb:\xd4\xe5\x19\xd8\xa7\x8d\xe2\xed`e\x81sW_\xd3*C\xfa\x1c\a\x01~+\x94\x85y\x02\x00\xe6\xaf\xec\x81\x81V\t1\x92Q\xc5\xe5\x92\xe8P\xa0dL\xd4Om\xc3\xb8\xdf\x19z\x1f\x12\xd4\xafO\xb4\r\xc3y\xae\xf2`5\x94\xe6:/u,\x9d\xb94\x80\x19\xd83\x15b\x19\xc5\xb5\x00C\x01\xcey\x15\xbb\xb4\x85\xd9\xce\x803j\xcb\xe0<\x95\xe7n{@\xb9\x92\xe0\xe0\xdc\x9a\x7f\xe9]0\x01\"\xc4\x99\x8f7\x9a|\x0e\xca\xc8\n\x17>\xc3\x87O\x04\x93\\\xad%L\xee^\x96y\xac\xf7\xf5\xad/\x0e\x9bq\x83\x86Sz\x84s\xach\xfd\x05\tV\x8dg\xe6b\xef\xe2\x90v\xbez\xf2oo\x8b\x92X\xdf\x0e\x05\xcd\xd9B\xf0OV\x13\xa1b\x81\xba_\b];\xe4\xdfx\xc1\xc7j\x1dH\xdd\xf7\x0e\xd2\x056\x8cL\x13U\x98\xcf\x17\x7f\x85\xcf8\xc8o%k\x90\x15\xa8\xc6\x17c\xbcc\xb7\xb7~\x86\x1c\xf3\x96\r. (\x89\xde\xd3\x9d\xb3e\a^\x1c\xbc\x8a\x84\xd4\nv\xfa:\xae@\x96\x00\x00\x00\x00\x00\x00\x00\x00\xf5u\xa8:\x02\xe1td\xac\xf5v\x9a7\x0e-\xa7?\x81r\x0f\x05\xe9\xa5K\xe6\xa5n\x99B\xe6(E\xfb\xa4\xbdw\xf4!1pN}\x91\xca\'2P\x9c\x9c\xe5\xa8\xff\x8csO\"@\xf4o\x80\xcbuK^&d\xba\xd1\x9f\xc7T\"g\xde\x95\xe2t\x1e\xe5\x06\r\xf1\x82\xf0\xaaa\xe4\xcd\"\x16\xad\x15I\xa6\xf4\v\xdd\xb4]\xa2_\xef7F\xec\x18\xe1#\x93\xcb\xf9C\xb2U\r\xffv\f\t\xdfS\x9bZ*\x9fEb;,0~\x00\xd9v\x90\xe4z@\xf7\xe7l\xd1\x8e#\xae\xb3\x97/\xb2OX=\xbd\x87\x13\xf6\tK\x94\xf6=\xd8\x90\x88\xda\xc1\x03\xc0\xd3\x01\xad\xa1\x05\xa3z\xc5\\\x00\x00\x00\x00\x98TH\xd3}\xfc\xfe|}+ \v\x1f\xb0\xf2\xf8\x8d\xeen\xf3\x90[\xf3\xd7\xddo\xdd\xe8\x02u\x93\x9a\xbe\xb2\xf6\x83]\x86\t\x82\x10\xb0\xd3\x0e\x9d\xeaT\x82\aL\xca\xbc\xaf\xb9XO@\x80\x13\xa4\xef\xe6\xcf\xb5`\\\x86\x8d\x9c\x90W\x00\x00\x00|\x9f\xa2\x95\xc1M\xca\x93\xd1\x87\xc6\x10\x9d<\x01\xc0\xa6\x18\xfd\xdb\xdb\xe8$%,T\xf9\x10`H~\x85\x85\xd8\xfb\xa5qOl\xcet\x1d\xb0D\a2\xa8\b\xc9]\x03\xa9\xae\x8cO6kx\xdeI\xf3\xd45\xeeP\xab?{u\v\x8f\x0e\x8c\x19\xb3\xf9\xb7\x88\xb1\xa8\xf5CI*\xcd\vi\x94=%\xb9\xcc\v\xe2\xbe,%\x9a?\xcd\xba$', 0x1) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r0, 0x0) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) (async) sendmsg$DEVLINK_CMD_TRAP_SET(r1, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000340)={&(0x7f0000000140)={0x1e8, 0x0, 0x200, 0x70bd2c, 0x25dfdbfd, {}, [{@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}]}, 0x1e8}, 0x1, 0x0, 0x0, 0x40000}, 0x44040) 496.691174ms ago: executing program 1 (id=532): r0 = epoll_create1(0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/mdstat\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)={0x90000000}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) timer_create(0x2, &(0x7f0000000140)={0x0, 0x12, 0x2}, &(0x7f0000044000)=0x0) r3 = mq_open(&(0x7f0000000100)='\x00', 0x40, 0x21, &(0x7f00000001c0)={0x7, 0x8, 0x0, 0x1}) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000200)=0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newlink={0x48, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x4, 0x0, 0x300}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @gre={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @private=0xa010101}, @IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x2}, @IFLA_GRE_OFLAGS={0x6, 0x3, 0x81}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40084}, 0x0) mq_notify(r3, &(0x7f0000000280)={0x0, 0x6, 0x0, @tid=r4}) rt_sigaction(0x12, &(0x7f0000000080)={0x0, 0x0, 0xffffffffffffffff, {[0x400]}}, 0x0, 0x8, &(0x7f0000000180)) timer_settime(0x0, 0x1, &(0x7f0000000240)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_settime(r2, 0x1, &(0x7f00000000c0)={{0x77359400}, {0x0, 0x3938700}}, 0x0) syz_usb_connect$uac1(0x2, 0xaa, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902980003010000000904000000010100000a2401000000020102132406040006030000000000000000000000000924030000010000ff0924050000f8431cfd0924030604030204001b24040402090401"], 0x0) 372.010381ms ago: executing program 0 (id=533): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x58, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11}]}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x58}, 0x1, 0xa00000000000000}, 0x0) 335.94732ms ago: executing program 0 (id=534): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000140)={0x1, &(0x7f0000000200)=[{0x6, 0x1, 0x7, 0x7fffffff}]}) copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x7ff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00') faccessat2(r0, &(0x7f0000000040)='\x00', 0x1, 0x1300) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_NEW(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x28, 0x0, 0x7, 0xb9970f097c16bb1b, 0x0, 0x0, {0x0, 0x0, 0xa}, [@NFACCT_NAME={0x9, 0x1, 'syz0\x00'}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x20088004}, 0x8000) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/vmstat\x00', 0x0, 0x0) r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) sendfile(r3, r2, &(0x7f0000002080)=0x64, 0x21c) fchdir(r3) 171.133819ms ago: executing program 3 (id=535): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x80001, 0x0) r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000100)={0x1, "5660359c3245d1c42317afad7d48ed51000000000000000100", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000000)={0x5, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r4, 0xc0303e03, &(0x7f0000000180)={"2486910284ed923431d4c5d5fbf514fd0000000100", r5}) ioctl$SW_SYNC_IOC_INC(r2, 0x40045701, &(0x7f0000000a40)=0xfff) r6 = fsopen(&(0x7f0000000000)='cifs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000040)='source', &(0x7f0000005fc0)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b [ 108.226865][ T6459] dump_stack_lvl+0x189/0x250 [ 108.226890][ T6459] ? __pfx____ratelimit+0x10/0x10 [ 108.226908][ T6459] ? __pfx_dump_stack_lvl+0x10/0x10 [ 108.226927][ T6459] ? __pfx__printk+0x10/0x10 [ 108.226954][ T6459] ? __pfx___might_resched+0x10/0x10 [ 108.226970][ T6459] ? fs_reclaim_acquire+0x7d/0x100 [ 108.226990][ T6459] should_fail_ex+0x414/0x560 [ 108.227017][ T6459] ? __pfx_proc_alloc_inode+0x10/0x10 [ 108.227035][ T6459] should_failslab+0xa8/0x100 [ 108.227059][ T6459] ? __pfx_proc_alloc_inode+0x10/0x10 [ 108.227076][ T6459] kmem_cache_alloc_lru_noprof+0x78/0x3d0 [ 108.227096][ T6459] ? proc_alloc_inode+0x2a/0xc0 [ 108.227119][ T6459] ? __pfx_proc_alloc_inode+0x10/0x10 [ 108.227136][ T6459] proc_alloc_inode+0x2a/0xc0 [ 108.227154][ T6459] alloc_inode+0x6a/0x1b0 [ 108.227180][ T6459] new_inode+0x22/0x170 [ 108.227200][ T6459] proc_setup_thread_self+0xbe/0x250 [ 108.227218][ T6459] ? proc_fill_super+0x556/0x770 [ 108.227243][ T6459] ? __pfx_proc_fill_super+0x10/0x10 [ 108.227265][ T6459] get_tree_nodev+0xbb/0x150 [ 108.227289][ T6459] vfs_get_tree+0x92/0x2b0 [ 108.227313][ T6459] vfs_cmd_create+0xa2/0x200 [ 108.227336][ T6459] __se_sys_fsconfig+0x78e/0x8d0 [ 108.227360][ T6459] ? __pfx___se_sys_fsconfig+0x10/0x10 [ 108.227381][ T6459] ? __pfx_ksys_write+0x10/0x10 [ 108.227403][ T6459] ? __secure_computing+0xe2/0x2a0 [ 108.227423][ T6459] ? __x64_sys_fsconfig+0x20/0xc0 [ 108.227444][ T6459] do_syscall_64+0xfa/0x3b0 [ 108.227461][ T6459] ? lockdep_hardirqs_on+0x9c/0x150 [ 108.227478][ T6459] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.227495][ T6459] ? clear_bhb_loop+0x60/0xb0 [ 108.227515][ T6459] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.227531][ T6459] RIP: 0033:0x7f022cb8ec29 [ 108.227547][ T6459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 108.227560][ T6459] RSP: 002b:00007f022daec038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 108.227577][ T6459] RAX: ffffffffffffffda RBX: 00007f022cdd5fa0 RCX: 00007f022cb8ec29 [ 108.227589][ T6459] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 108.227599][ T6459] RBP: 00007f022daec090 R08: 0000000000000000 R09: 0000000000000000 [ 108.227609][ T6459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 108.227618][ T6459] R13: 00007f022cdd6038 R14: 00007f022cdd5fa0 R15: 00007f022ceffa28 [ 108.227648][ T6459] [ 108.227803][ T6459] proc_fill_super: can't allocate /proc/thread-self [ 108.282658][ T43] usb 4-1: config 0 descriptor?? [ 108.884471][ T43] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 108.892735][ T5947] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 109.025235][ T5947] usb 5-1: device descriptor read/64, error -71 [ 109.265140][ T5947] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 109.395159][ T5947] usb 5-1: device descriptor read/64, error -71 [ 109.505609][ T5947] usb usb5-port1: attempt power cycle [ 109.514041][ T6494] CIFS: VFS: Malformed UNC in devname [ 109.954832][ T6498] fuse: Bad value for 'fd' [ 110.156006][ T5947] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 110.194691][ T6501] netlink: 5 bytes leftover after parsing attributes in process `syz.3.105'. [ 110.232481][ T5947] usb 5-1: device descriptor read/8, error -71 [ 110.549450][ T5947] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 110.575762][ T5947] usb 5-1: device descriptor read/8, error -71 [ 110.721968][ T5947] usb usb5-port1: unable to enumerate USB device [ 110.741143][ T6519] lo: entered promiscuous mode [ 110.749566][ T6519] tunl0: entered promiscuous mode [ 110.755871][ T6519] gre0: entered promiscuous mode [ 110.762987][ T6519] gretap0: entered promiscuous mode [ 110.772768][ T6519] erspan0: entered promiscuous mode [ 110.779519][ T6519] ip_vti0: entered promiscuous mode [ 110.786030][ T6519] ip6_vti0: entered promiscuous mode [ 110.804252][ T6519] sit0: entered promiscuous mode [ 110.811158][ T6519] ip6tnl0: entered promiscuous mode [ 110.817918][ T6519] ip6gre0: entered promiscuous mode [ 110.823997][ T6519] syz_tun: entered promiscuous mode [ 110.830000][ T6519] ip6gretap0: entered promiscuous mode [ 110.836232][ T6519] bridge0: entered promiscuous mode [ 110.842175][ T6519] vcan0: entered promiscuous mode [ 110.847739][ T6519] bond0: entered promiscuous mode [ 110.852864][ T6519] bond_slave_0: entered promiscuous mode [ 110.859106][ T6519] bond_slave_1: entered promiscuous mode [ 110.866037][ T6519] team0: entered promiscuous mode [ 110.871550][ T6519] team_slave_0: entered promiscuous mode [ 110.877569][ T6519] team_slave_1: entered promiscuous mode [ 110.884488][ T6519] dummy0: entered promiscuous mode [ 110.891635][ T6519] nlmon0: entered promiscuous mode [ 110.912166][ T6519] caif0: entered promiscuous mode [ 110.931688][ T6519] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 110.952789][ T6520] loop3: detected capacity change from 0 to 1 [ 110.962395][ T6520] Dev loop3: unable to read RDB block 1 [ 110.968899][ T6520] loop3: unable to read partition table [ 110.974767][ T6520] loop3: partition table beyond EOD, truncated [ 110.981361][ T6520] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5) [ 111.389257][ T5954] usb 4-1: USB disconnect, device number 4 [ 111.525248][ T5947] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 111.736438][ T5947] usb 1-1: Using ep0 maxpacket: 32 [ 111.757481][ T5947] usb 1-1: config 0 has an invalid interface number: 67 but max is 0 [ 111.784178][ T5947] usb 1-1: config 0 has no interface number 0 [ 111.812519][ T5947] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 111.961199][ T5947] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.033183][ T5947] usb 1-1: Product: syz [ 112.068855][ T5947] usb 1-1: Manufacturer: syz [ 112.093986][ T5947] usb 1-1: SerialNumber: syz [ 112.121726][ T6544] fuse: Bad value for 'fd' [ 112.168031][ T5947] usb 1-1: config 0 descriptor?? [ 112.209596][ T5947] smsc95xx v2.0.0 [ 112.914121][ T5956] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 113.285352][ T5956] usb 2-1: Using ep0 maxpacket: 8 [ 113.376234][ T5956] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 113.395520][ T5956] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.458108][ T5956] pvrusb2: Hardware description: Terratec Grabster AV400 [ 113.544103][ T5956] pvrusb2: ********** [ 113.554176][ T5956] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 113.589273][ T5956] pvrusb2: Important functionality might not be entirely working. [ 113.624559][ T5956] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 113.662904][ T5956] pvrusb2: ********** [ 113.683976][ T6524] openvswitch: netlink: ufid size 175 bytes exceeds the range (1, 16) [ 113.695426][ T6524] openvswitch: netlink: Key 8 has unexpected len 4 expected 40 [ 113.713837][ T2344] pvrusb2: Invalid write control endpoint [ 113.759724][ T5947] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -71 [ 113.774354][ T5947] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD [ 113.854451][ T5947] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 113.877206][ T2344] pvrusb2: Invalid write control endpoint [ 113.883000][ T2344] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 113.924037][ T2344] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 113.932692][ T5947] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71 [ 113.959519][ T2344] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 114.007606][ T2344] pvrusb2: Device being rendered inoperable [ 114.016612][ T5947] usb 1-1: USB disconnect, device number 5 [ 114.032964][ T6548] pvrusb2: Attempted to execute control transfer when device not ok [ 114.053899][ T2344] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 114.074517][ T9] usb 2-1: USB disconnect, device number 3 [ 114.110364][ T2344] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 114.142984][ T2344] pvrusb2: Attached sub-driver cx25840 [ 114.162502][ T2344] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 114.178265][ T2344] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 115.065334][ T5954] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 115.266734][ T5954] usb 4-1: Using ep0 maxpacket: 32 [ 115.324888][ T5954] usb 4-1: config index 0 descriptor too short (expected 35577, got 27) [ 115.344982][ T5954] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 115.381323][ T6592] netlink: 4 bytes leftover after parsing attributes in process `syz.1.149'. [ 115.393520][ T6592] netlink: 12 bytes leftover after parsing attributes in process `syz.1.149'. [ 115.487705][ T5954] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 115.498407][ T6593] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 115.515519][ T5954] usb 4-1: config 1 has no interface number 0 [ 115.532197][ T5954] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 115.572844][ T5954] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 115.603242][ T5954] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 115.700672][ T5954] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.773868][ T5954] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found [ 115.842365][ T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 116.134375][ T5954] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now attached [ 116.548481][ T6600] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 116.564035][ T6600] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 116.742200][ T5957] usb 4-1: USB disconnect, device number 5 [ 116.801451][ T5957] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected [ 117.628728][ T5957] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 117.897262][ T5957] usb 4-1: Using ep0 maxpacket: 16 [ 117.920953][ T5957] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 118.021549][ T5957] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 118.114765][ T5957] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 118.265192][ T5957] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 118.316438][ T5957] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.430580][ T5957] usb 4-1: config 0 descriptor?? [ 118.535036][ T6615] binder: 6614:6615 ioctl 40046210 0 returned -14 [ 118.604937][ T6617] mmap: syz.2.153 (6617) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 118.619675][ T6617] fuse: Unknown parameter ' [ 118.619675][ T6617] ' [ 118.874715][ T9] usb 2-1: unable to get BOS descriptor or descriptor too short [ 118.883701][ T9] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 118.894367][ T9] usb 2-1: can't read configurations, error -71 [ 118.903870][ T5957] microsoft 0003:045E:07DA.0003: unbalanced collection at end of report description [ 118.931106][ T5957] microsoft 0003:045E:07DA.0003: parse failed [ 118.954004][ T5957] microsoft 0003:045E:07DA.0003: probe with driver microsoft failed with error -22 [ 119.096807][ T6607] netlink: 'syz.3.151': attribute type 3 has an invalid length. [ 119.104597][ T6607] netlink: 3 bytes leftover after parsing attributes in process `syz.3.151'. [ 119.116243][ T5957] usb 4-1: USB disconnect, device number 6 [ 119.309902][ T6629] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 119.795337][ T5927] usb 5-1: new full-speed USB device number 11 using dummy_hcd [ 119.943873][ T6644] netlink: 4400 bytes leftover after parsing attributes in process `syz.3.162'. [ 120.271707][ T5927] usb 5-1: config index 0 descriptor too short (expected 69, got 36) [ 120.307726][ T5927] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 120.327678][ T5927] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 120.355670][ T5927] usb 5-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89 [ 120.379925][ T5927] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.392237][ T5927] usb 5-1: Product: syz [ 120.396500][ T5927] usb 5-1: Manufacturer: syz [ 120.401250][ T5927] usb 5-1: SerialNumber: syz [ 120.416664][ T5927] usb 5-1: config 0 descriptor?? [ 120.807607][ T6636] netlink: 40 bytes leftover after parsing attributes in process `syz.4.160'. [ 120.842940][ T9] usb 5-1: USB disconnect, device number 11 [ 121.935575][ T5927] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 122.685136][ T5927] usb 5-1: Using ep0 maxpacket: 32 [ 122.703258][ T5927] usb 5-1: config 5 has an invalid interface number: 227 but max is 2 [ 122.721879][ T5927] usb 5-1: config 5 contains an unexpected descriptor of type 0x2, skipping [ 122.766443][ T5927] usb 5-1: config 5 has an invalid interface number: 18 but max is 2 [ 122.830910][ T5927] usb 5-1: config 5 has an invalid interface number: 221 but max is 2 [ 122.861928][ T5927] usb 5-1: config 5 has an invalid interface number: 5 but max is 2 [ 122.880830][ T6668] FAULT_INJECTION: forcing a failure. [ 122.880830][ T6668] name failslab, interval 1, probability 0, space 0, times 0 [ 122.898397][ T5927] usb 5-1: config 5 has an invalid interface number: 57 but max is 2 [ 122.940575][ T5927] usb 5-1: config 5 has 5 interfaces, different from the descriptor's value: 3 [ 122.945253][ T6668] CPU: 0 UID: 0 PID: 6668 Comm: syz.2.170 Not tainted syzkaller #0 PREEMPT(full) [ 122.945277][ T6668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 122.945290][ T6668] Call Trace: [ 122.945297][ T6668] [ 122.945305][ T6668] dump_stack_lvl+0x189/0x250 [ 122.945335][ T6668] ? __pfx____ratelimit+0x10/0x10 [ 122.945353][ T6668] ? __pfx_dump_stack_lvl+0x10/0x10 [ 122.945372][ T6668] ? __pfx__printk+0x10/0x10 [ 122.945407][ T6668] should_fail_ex+0x414/0x560 [ 122.945435][ T6668] should_failslab+0xa8/0x100 [ 122.945459][ T6668] __kmalloc_cache_noprof+0x70/0x3d0 [ 122.945479][ T6668] ? sctp_add_bind_addr+0x8c/0x370 [ 122.945500][ T6668] sctp_add_bind_addr+0x8c/0x370 [ 122.945521][ T6668] sctp_copy_local_addr_list+0x30b/0x4e0 [ 122.945547][ T6668] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 122.945571][ T6668] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 122.945596][ T6668] ? sctp_v6_is_any+0x64/0x80 [ 122.945614][ T6668] ? sctp_copy_one_addr+0x93/0x360 [ 122.945633][ T6668] sctp_bind_addr_copy+0xb3/0x3c0 [ 122.945650][ T6668] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 122.945674][ T6668] sctp_connect_new_asoc+0x2e0/0x690 [ 122.945703][ T6668] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 122.945720][ T6668] ? __local_bh_enable_ip+0x12d/0x1c0 [ 122.945744][ T6668] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 122.945763][ T6668] ? security_sctp_bind_connect+0x7e/0x2e0 [ 122.945787][ T6668] sctp_sendmsg+0x155c/0x2810 [ 122.945818][ T6668] ? __pfx_sctp_sendmsg+0x10/0x10 [ 122.945839][ T6668] ? aa_sk_perm+0x81e/0x950 [ 122.945868][ T6668] ? __pfx_aa_sk_perm+0x10/0x10 [ 122.945893][ T6668] ? sock_rps_record_flow+0x19/0x410 [ 122.945919][ T6668] ? inet_sendmsg+0x2f4/0x370 [ 122.945943][ T6668] __sock_sendmsg+0x19c/0x270 [ 122.945970][ T6668] __sys_sendto+0x3bd/0x520 [ 122.945991][ T6668] ? __pfx___sys_sendto+0x10/0x10 [ 122.946006][ T6668] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 122.946037][ T6668] ? __fget_files+0x3a0/0x420 [ 122.946063][ T6668] ? ksys_write+0x22a/0x250 [ 122.946085][ T6668] ? __pfx_ksys_write+0x10/0x10 [ 122.946102][ T6668] ? rcu_is_watching+0x15/0xb0 [ 122.946123][ T6668] __x64_sys_sendto+0xde/0x100 [ 122.946144][ T6668] do_syscall_64+0xfa/0x3b0 [ 122.946161][ T6668] ? lockdep_hardirqs_on+0x9c/0x150 [ 122.946177][ T6668] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.946193][ T6668] ? clear_bhb_loop+0x60/0xb0 [ 122.946213][ T6668] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.946228][ T6668] RIP: 0033:0x7fe81638ec29 [ 122.946251][ T6668] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 122.946264][ T6668] RSP: 002b:00007fe817163038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 122.946285][ T6668] RAX: ffffffffffffffda RBX: 00007fe8165d5fa0 RCX: 00007fe81638ec29 [ 122.946297][ T6668] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000004 [ 122.946307][ T6668] RBP: 00007fe817163090 R08: 0000200000000100 R09: 000000000000001c [ 122.946317][ T6668] R10: 0000000024004000 R11: 0000000000000246 R12: 0000000000000002 [ 122.946327][ T6668] R13: 00007fe8165d6038 R14: 00007fe8165d5fa0 R15: 00007fe8166ffa28 [ 122.946355][ T6668] [ 123.175193][ T5957] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 123.180425][ T5927] usb 5-1: config 5 has no interface number 0 [ 123.285316][ T5927] usb 5-1: config 5 has no interface number 1 [ 123.291416][ T5927] usb 5-1: config 5 has no interface number 2 [ 123.297728][ T5927] usb 5-1: config 5 has no interface number 3 [ 123.303803][ T5927] usb 5-1: config 5 has no interface number 4 [ 123.318602][ T5927] usb 5-1: config 5 interface 227 altsetting 3 endpoint 0x5 has invalid maxpacket 1024, setting to 64 [ 123.344878][ T5927] usb 5-1: config 5 interface 227 altsetting 3 has an invalid descriptor for endpoint zero, skipping [ 123.464597][ T5927] usb 5-1: config 5 interface 227 altsetting 3 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 123.479040][ T5927] usb 5-1: config 5 interface 227 altsetting 3 endpoint 0x8B has invalid maxpacket 1023, setting to 64 [ 123.490493][ T5957] usb 4-1: Using ep0 maxpacket: 16 [ 123.494089][ T5957] usb 4-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 123.497499][ T5927] usb 5-1: config 5 interface 227 altsetting 3 has an invalid descriptor for endpoint zero, skipping [ 123.561638][ T5927] usb 5-1: config 5 interface 227 altsetting 3 endpoint 0x8 has invalid maxpacket 1024, setting to 64 [ 123.562234][ T5957] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.716983][ T5927] usb 5-1: config 5 interface 227 altsetting 3 has a duplicate endpoint with address 0x5, skipping [ 123.739116][ T5957] usb 4-1: Product: syz [ 123.753174][ T5957] usb 4-1: Manufacturer: syz [ 123.758328][ T5927] usb 5-1: config 5 interface 227 altsetting 3 has an invalid descriptor for endpoint zero, skipping [ 123.758908][ T5957] usb 4-1: SerialNumber: syz [ 123.780925][ T5957] usb 4-1: config 0 descriptor?? [ 123.800678][ T5957] ssu100 4-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 123.867375][ T5927] usb 5-1: too many endpoints for config 5 interface 18 altsetting 168: 58, using maximum allowed: 30 [ 123.882124][ T5927] usb 5-1: config 5 interface 18 altsetting 168 has 0 endpoint descriptors, different from the interface descriptor's value: 58 [ 123.910711][ T5927] usb 5-1: config 5 interface 5 altsetting 3 has a duplicate endpoint with address 0xB, skipping [ 123.921852][ T5927] usb 5-1: config 5 interface 5 altsetting 3 endpoint 0x4 has invalid maxpacket 512, setting to 64 [ 124.001813][ T5927] usb 5-1: config 5 interface 5 altsetting 3 has an invalid descriptor for endpoint zero, skipping [ 124.013357][ T5927] usb 5-1: config 5 interface 5 altsetting 3 has 5 endpoint descriptors, different from the interface descriptor's value: 16 [ 124.027817][ T5927] usb 5-1: config 5 interface 57 altsetting 70 has a duplicate endpoint with address 0x4, skipping [ 124.042374][ T5927] usb 5-1: config 5 interface 57 altsetting 70 endpoint 0x2 has invalid maxpacket 1024, setting to 64 [ 124.054785][ T5927] usb 5-1: config 5 interface 57 altsetting 70 has an endpoint descriptor with address 0xDA, changing to 0x8A [ 124.067392][ T5927] usb 5-1: config 5 interface 57 altsetting 70 has a duplicate endpoint with address 0xA, skipping [ 124.081736][ T5927] usb 5-1: config 5 interface 57 altsetting 70 endpoint 0xE has invalid maxpacket 1023, setting to 64 [ 124.112030][ T5927] usb 5-1: config 5 interface 57 altsetting 70 has a duplicate endpoint with address 0x6, skipping [ 124.126291][ T5927] usb 5-1: config 5 interface 57 altsetting 70 has an invalid descriptor for endpoint zero, skipping [ 124.139453][ T5927] usb 5-1: config 5 interface 57 altsetting 70 has a duplicate endpoint with address 0x4, skipping [ 124.153696][ T5927] usb 5-1: config 5 interface 57 altsetting 70 has a duplicate endpoint with address 0xE, skipping [ 124.165516][ T5947] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 124.178006][ T5927] usb 5-1: config 5 interface 57 altsetting 70 has a duplicate endpoint with address 0x5, skipping [ 124.192584][ T5927] usb 5-1: config 5 interface 227 has no altsetting 0 [ 124.200706][ T5927] usb 5-1: config 5 interface 18 has no altsetting 0 [ 124.213190][ T5927] usb 5-1: config 5 interface 221 has no altsetting 0 [ 124.223621][ T5927] usb 5-1: config 5 interface 5 has no altsetting 0 [ 124.233785][ T5927] usb 5-1: config 5 interface 57 has no altsetting 0 [ 124.244885][ T5927] usb 5-1: New USB device found, idVendor=19d2, idProduct=ffc8, bcdDevice=51.3d [ 124.257836][ T5927] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.266345][ T5927] usb 5-1: Product: â°Š [ 124.275034][ T5927] usb 5-1: Manufacturer: 阧⊚뇗ï«ä„¶â™Ÿäµï¨°ï¼‚䢉쑵ﴫ磧ᖶ礗ᄶ铈裭ด㘬ㄘ췤肂㞛殈ⷠ噴㜗髙뒕줫﮳憶á½è­žæ¤¬ã‚㭞젾座ë¼ç£¼é©Œë¨¸æ‡šî‡ê™ˆãœ°êŠï”¾ä¢“ጘ챗湑節肀鴑⚄罜輿피专ⰸ誊盃闢먾∵ﲊê¨æŸƒå“®â—譶鈅ï¼å’¿áº…ãœé¤›ã®½í‡‡ê´é’‡î½ Ø¹â¶‚éƒï¯¸îµ·ç’²ãš”旀걖蓅íŸê¾®åƒ³â›Žâ µâ™®ì’½ [ 124.403765][ T5947] usb 2-1: Using ep0 maxpacket: 32 [ 124.455973][ T6669] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 124.475170][ T6669] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 124.546818][ T5927] usb 5-1: SerialNumber: ᬈå‘ë—è ï¢ºé‹­ê°œæ¢«íž¸ëŽ«æ‘æ¦ãº±æŸ¿Ä‚ሙⴶç†ã¨ãœµí›ºâ±‡ÏŸê¸´é¶“𥉉篰䡳æ•ä˜ å“žéˆªç²žæ‚Œæ‰ë˜©â½²â˜´ï…Žë¼¦ä‰’鰨妚溊访⯄ã§éˆ¶æ¹á³°ã¸œí†…耢颹봷≥ì£î–›ç©Œé¿à²¡ê£¨ç¤¦è˜žç¡’䵯í¸ã³´ç±•è¸‘晱彌༂ံ柟ï–㨣फ뙑䩲ꩾï€è™¨æ¢…㋵鿚䵅驘깜髪á‘ã¹â„¼ä¯°ê¡¨å®¥î·ƒá®–㕊箘䉙爨쫆视ᜩî¡å©Ÿå¤©à²†á€¬ãŒ²î³‰è†¯ [ 124.584257][ T5947] usb 2-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 124.593848][ T5947] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.602592][ T5947] usb 2-1: Product: syz [ 124.613254][ T5947] usb 2-1: Manufacturer: syz [ 124.624921][ T5947] usb 2-1: SerialNumber: syz [ 124.690578][ T5947] usb 2-1: config 0 descriptor?? [ 124.709137][ T5947] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 124.728831][ T5927] option 5-1:5.227: GSM modem (1-port) converter detected [ 124.822854][ T5927] usb 5-1: USB disconnect, device number 12 [ 124.860049][ T5927] option 5-1:5.227: device disconnected [ 124.892101][ T6689] netlink: 20 bytes leftover after parsing attributes in process `syz.4.176'. [ 124.929421][ C1] raw-gadget.2 gadget.1: ignoring, device is not running [ 124.943484][ T5947] gspca_topro: reg_w err -32 [ 124.975283][ T5947] gspca_topro: Sensor soi763a [ 125.031662][ T5947] usb 2-1: USB disconnect, device number 6 [ 125.103766][ T6669] netlink: 68 bytes leftover after parsing attributes in process `syz.3.169'. [ 125.154155][ T5957] ssu100 4-1:0.0: probe with driver ssu100 failed with error -71 [ 125.212437][ T5957] usb 4-1: USB disconnect, device number 7 [ 125.591757][ T6706] usb usb1: usbfs: process 6706 (syz.1.182) did not claim interface 42 before use [ 126.197209][ T6723] netlink: 12 bytes leftover after parsing attributes in process `syz.1.184'. [ 126.646668][ T6731] Invalid logical block size (8704) [ 127.670842][ T6745] netlink: 4 bytes leftover after parsing attributes in process `syz.0.194'. [ 128.196446][ T5947] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 128.381124][ T5947] usb 1-1: config index 0 descriptor too short (expected 69, got 36) [ 128.535146][ T5947] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 128.625257][ T5947] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 128.749644][ T5947] usb 1-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89 [ 128.765125][ T5947] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.773143][ T5947] usb 1-1: Product: syz [ 128.784033][ T5947] usb 1-1: Manufacturer: syz [ 128.794749][ T5947] usb 1-1: SerialNumber: syz [ 128.806796][ T5947] usb 1-1: config 0 descriptor?? [ 128.956273][ T886] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 128.977602][ T6773] netlink: 4 bytes leftover after parsing attributes in process `syz.3.201'. [ 129.052878][ T6750] netlink: 40 bytes leftover after parsing attributes in process `syz.0.195'. [ 129.101510][ T6775] netlink: 12 bytes leftover after parsing attributes in process `syz.3.201'. [ 129.145220][ T886] usb 3-1: device descriptor read/64, error -71 [ 129.234752][ T5954] usb 1-1: USB disconnect, device number 6 [ 129.475975][ T886] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 129.617490][ T6777] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 129.785185][ T886] usb 3-1: device descriptor read/64, error -71 [ 129.895647][ T886] usb usb3-port1: attempt power cycle [ 130.275201][ T886] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 130.285515][ T5954] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 130.455259][ T886] usb 3-1: device descriptor read/8, error -71 [ 130.745446][ T886] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 130.798926][ T886] usb 3-1: device descriptor read/8, error -71 [ 130.969629][ T886] usb usb3-port1: unable to enumerate USB device [ 131.584938][ T6801] FAULT_INJECTION: forcing a failure. [ 131.584938][ T6801] name failslab, interval 1, probability 0, space 0, times 0 [ 131.645251][ T6801] CPU: 1 UID: 0 PID: 6801 Comm: syz.2.208 Not tainted syzkaller #0 PREEMPT(full) [ 131.645276][ T6801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 131.645286][ T6801] Call Trace: [ 131.645294][ T6801] [ 131.645303][ T6801] dump_stack_lvl+0x189/0x250 [ 131.645327][ T6801] ? __pfx____ratelimit+0x10/0x10 [ 131.645345][ T6801] ? __pfx_dump_stack_lvl+0x10/0x10 [ 131.645365][ T6801] ? __pfx__printk+0x10/0x10 [ 131.645401][ T6801] should_fail_ex+0x414/0x560 [ 131.645430][ T6801] should_failslab+0xa8/0x100 [ 131.645454][ T6801] __kmalloc_cache_noprof+0x70/0x3d0 [ 131.645475][ T6801] ? sctp_add_bind_addr+0x8c/0x370 [ 131.645496][ T6801] sctp_add_bind_addr+0x8c/0x370 [ 131.645517][ T6801] sctp_copy_local_addr_list+0x30b/0x4e0 [ 131.645545][ T6801] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 131.645568][ T6801] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 131.645593][ T6801] ? sctp_v6_is_any+0x64/0x80 [ 131.645612][ T6801] ? sctp_copy_one_addr+0x93/0x360 [ 131.645632][ T6801] sctp_bind_addr_copy+0xb3/0x3c0 [ 131.645650][ T6801] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 131.645676][ T6801] sctp_connect_new_asoc+0x2e0/0x690 [ 131.645699][ T6801] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 131.645717][ T6801] ? __local_bh_enable_ip+0x12d/0x1c0 [ 131.645741][ T6801] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 131.645765][ T6801] ? security_sctp_bind_connect+0x7e/0x2e0 [ 131.645790][ T6801] sctp_sendmsg+0x155c/0x2810 [ 131.645822][ T6801] ? __pfx_sctp_sendmsg+0x10/0x10 [ 131.645845][ T6801] ? aa_sk_perm+0x81e/0x950 [ 131.645874][ T6801] ? __pfx_aa_sk_perm+0x10/0x10 [ 131.645900][ T6801] ? sock_rps_record_flow+0x19/0x410 [ 131.645925][ T6801] ? inet_sendmsg+0x2f4/0x370 [ 131.645951][ T6801] __sock_sendmsg+0x19c/0x270 [ 131.645978][ T6801] __sys_sendto+0x3bd/0x520 [ 131.645999][ T6801] ? __pfx___sys_sendto+0x10/0x10 [ 131.646015][ T6801] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 131.646048][ T6801] ? __fget_files+0x3a0/0x420 [ 131.646076][ T6801] ? ksys_write+0x22a/0x250 [ 131.646099][ T6801] ? __pfx_ksys_write+0x10/0x10 [ 131.646117][ T6801] ? rcu_is_watching+0x15/0xb0 [ 131.646140][ T6801] __x64_sys_sendto+0xde/0x100 [ 131.646163][ T6801] do_syscall_64+0xfa/0x3b0 [ 131.646181][ T6801] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.646197][ T6801] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 131.646213][ T6801] ? clear_bhb_loop+0x60/0xb0 [ 131.646234][ T6801] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.646250][ T6801] RIP: 0033:0x7fe81638ec29 [ 131.646266][ T6801] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.646279][ T6801] RSP: 002b:00007fe817163038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 131.646297][ T6801] RAX: ffffffffffffffda RBX: 00007fe8165d5fa0 RCX: 00007fe81638ec29 [ 131.646309][ T6801] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000004 [ 131.646320][ T6801] RBP: 00007fe817163090 R08: 0000200000000100 R09: 000000000000001c [ 131.646331][ T6801] R10: 0000000024004000 R11: 0000000000000246 R12: 0000000000000002 [ 131.646341][ T6801] R13: 00007fe8165d6038 R14: 00007fe8165d5fa0 R15: 00007fe8166ffa28 [ 131.646371][ T6801] [ 132.335647][ T5957] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 132.458158][ T6809] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 132.495257][ T5957] usb 3-1: Using ep0 maxpacket: 16 [ 132.504846][ T5957] usb 3-1: too many configurations: 180, using maximum allowed: 8 [ 132.542837][ T5957] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 132.562883][ T5957] usb 3-1: can't read configurations, error -61 [ 132.639369][ T5954] usb 4-1: unable to get BOS descriptor or descriptor too short [ 132.667655][ T5954] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 132.688769][ T5954] usb 4-1: can't read configurations, error -71 [ 132.711476][ T5957] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 132.864649][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.871136][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.905151][ T5957] usb 3-1: Using ep0 maxpacket: 16 [ 132.923210][ T5957] usb 3-1: too many configurations: 180, using maximum allowed: 8 [ 132.937250][ T5957] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 132.948610][ T5957] usb 3-1: can't read configurations, error -61 [ 132.959197][ T5957] usb usb3-port1: attempt power cycle [ 133.209109][ T886] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 133.305162][ T5957] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 133.325962][ T5957] usb 3-1: Using ep0 maxpacket: 16 [ 133.338535][ T5957] usb 3-1: too many configurations: 180, using maximum allowed: 8 [ 133.352938][ T6833] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 133.376749][ T886] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 133.387239][ T886] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 133.437834][ T5957] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 133.446577][ T5957] usb 3-1: can't read configurations, error -61 [ 133.453237][ T886] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0093, bcdDevice=23.5a [ 133.462739][ T886] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.479156][ T886] usb 2-1: Product: syz [ 133.487939][ T886] usb 2-1: Manufacturer: syz [ 133.542468][ T886] usb 2-1: SerialNumber: syz [ 133.664210][ T886] usb 2-1: config 0 descriptor?? [ 133.766530][ T5957] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 133.808982][ T5957] usb 3-1: Using ep0 maxpacket: 16 [ 133.819708][ T5957] usb 3-1: too many configurations: 180, using maximum allowed: 8 [ 133.838973][ T5957] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 133.850898][ T5957] usb 3-1: can't read configurations, error -61 [ 133.858157][ T5957] usb usb3-port1: unable to enumerate USB device [ 134.553364][ T9] usb 2-1: USB disconnect, device number 7 [ 135.115233][ T5957] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 135.258821][ T6859] syzkaller0: entered promiscuous mode [ 135.295152][ T6859] syzkaller0: entered allmulticast mode [ 135.345195][ T5957] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 135.394250][ T5957] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 135.414546][ T5957] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 135.445689][ T5957] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.471654][ T6855] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 135.599244][ T5957] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 135.937857][ T6852] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 135.965749][ T6852] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 136.200487][ T30] kauditd_printk_skb: 14 callbacks suppressed [ 136.200527][ T30] audit: type=1326 audit(1758500128.061:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6849 comm="syz.4.224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18f3b8ec29 code=0x7ffc0000 [ 136.203731][ T6852] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 136.219525][ T30] audit: type=1326 audit(1758500128.061:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6849 comm="syz.4.224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18f3b8ec29 code=0x7ffc0000 [ 136.259556][ C1] vkms_vblank_simulate: vblank timer overrun [ 136.273263][ T6852] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 136.419758][ T30] audit: type=1326 audit(1758500128.071:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6849 comm="syz.4.224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f18f3b8d590 code=0x7ffc0000 [ 136.441849][ C1] vkms_vblank_simulate: vblank timer overrun [ 136.448878][ T30] audit: type=1326 audit(1758500128.071:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6849 comm="syz.4.224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f18f3b8e82b code=0x7ffc0000 [ 136.474797][ T30] audit: type=1326 audit(1758500128.071:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6849 comm="syz.4.224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f18f3b8e82b code=0x7ffc0000 [ 136.498254][ T30] audit: type=1326 audit(1758500128.161:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6849 comm="syz.4.224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18f3b8ec29 code=0x7ffc0000 [ 136.522898][ T30] audit: type=1326 audit(1758500128.161:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6849 comm="syz.4.224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18f3b8ec29 code=0x7ffc0000 [ 136.574896][ T5927] usb 5-1: USB disconnect, device number 13 [ 136.603082][ T30] audit: type=1326 audit(1758500128.191:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6849 comm="syz.4.224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7f18f3b8ec29 code=0x7ffc0000 [ 136.625165][ C1] vkms_vblank_simulate: vblank timer overrun [ 136.712524][ T30] audit: type=1326 audit(1758500128.191:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6849 comm="syz.4.224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18f3b8ec29 code=0x7ffc0000 [ 136.849735][ T30] audit: type=1326 audit(1758500128.191:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6849 comm="syz.4.224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18f3b8ec29 code=0x7ffc0000 [ 136.871920][ C1] vkms_vblank_simulate: vblank timer overrun [ 138.018235][ T886] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 138.075190][ T9] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 138.185912][ T886] usb 4-1: Using ep0 maxpacket: 8 [ 138.237891][ T886] usb 4-1: config 0 has no interfaces? [ 138.269032][ T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 138.298980][ T9] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 138.385667][ T9] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0093, bcdDevice=23.5a [ 138.395777][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.498037][ T9] usb 3-1: Product: syz [ 138.528104][ T9] usb 3-1: Manufacturer: syz [ 138.556095][ T9] usb 3-1: SerialNumber: syz [ 138.592589][ T9] usb 3-1: config 0 descriptor?? [ 139.449104][ T6924] netlink: 4 bytes leftover after parsing attributes in process `syz.0.242'. [ 139.475526][ T5954] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 139.511686][ T6925] netlink: 12 bytes leftover after parsing attributes in process `syz.0.242'. [ 139.787725][ T5954] usb 2-1: Using ep0 maxpacket: 8 [ 139.878317][ T5957] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 140.003014][ T9] usb 3-1: USB disconnect, device number 12 [ 140.027758][ T5954] usb 2-1: too many configurations: 188, using maximum allowed: 8 [ 140.115176][ T5954] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 140.143734][ T5954] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 140.155891][ T5954] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 140.209467][ T5954] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 140.229615][ T5954] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 140.242099][ T5954] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 140.255165][ T5954] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 140.267987][ T5954] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 140.282675][ T5954] usb 2-1: New USB device found, idVendor=0e9c, idProduct=1b90, bcdDevice=83.00 [ 140.292179][ T5954] usb 2-1: New USB device strings: Mfr=211, Product=192, SerialNumber=233 [ 140.301962][ T5954] usb 2-1: Product: syz [ 140.307770][ T5954] usb 2-1: Manufacturer: syz [ 140.315270][ T5954] usb 2-1: SerialNumber: syz [ 140.365158][ T5954] usb 2-1: config 0 descriptor?? [ 141.040529][ T886] usb 4-1: string descriptor 0 read error: -71 [ 141.055765][ T886] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 141.066926][ T886] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.093675][ T886] usb 4-1: config 0 descriptor?? [ 141.141750][ T886] usb 4-1: can't set config #0, error -71 [ 141.181843][ T886] usb 4-1: USB disconnect, device number 10 [ 141.679749][ T5954] usb 2-1: USB disconnect, device number 8 [ 141.760259][ T6947] FAULT_INJECTION: forcing a failure. [ 141.760259][ T6947] name failslab, interval 1, probability 0, space 0, times 0 [ 141.798248][ T6947] CPU: 1 UID: 0 PID: 6947 Comm: syz.4.250 Not tainted syzkaller #0 PREEMPT(full) [ 141.798276][ T6947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 141.798287][ T6947] Call Trace: [ 141.798295][ T6947] [ 141.798302][ T6947] dump_stack_lvl+0x189/0x250 [ 141.798327][ T6947] ? __pfx____ratelimit+0x10/0x10 [ 141.798348][ T6947] ? __pfx_dump_stack_lvl+0x10/0x10 [ 141.798364][ T6947] ? __pfx__printk+0x10/0x10 [ 141.798379][ T6947] ? __pfx___might_resched+0x10/0x10 [ 141.798388][ T6947] ? fs_reclaim_acquire+0x7d/0x100 [ 141.798400][ T6947] should_fail_ex+0x414/0x560 [ 141.798422][ T6947] should_failslab+0xa8/0x100 [ 141.798445][ T6947] __kmalloc_cache_noprof+0x70/0x3d0 [ 141.798466][ T6947] ? snd_mixer_oss_put_volume1_sw+0xf4/0x3f0 [ 141.798502][ T6947] snd_mixer_oss_put_volume1_sw+0xf4/0x3f0 [ 141.798523][ T6947] snd_mixer_oss_put_recsrc1_sw+0x65/0x90 [ 141.798537][ T6947] ? __pfx_snd_mixer_oss_put_recsrc1_sw+0x10/0x10 [ 141.798549][ T6947] snd_mixer_oss_set_recsrc+0x269/0x430 [ 141.798566][ T6947] ? __pfx_snd_mixer_oss_set_recsrc+0x10/0x10 [ 141.798588][ T6947] ? __might_fault+0xb0/0x130 [ 141.798617][ T6947] snd_mixer_oss_ioctl1+0xe76/0x19f0 [ 141.798639][ T6947] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 141.798662][ T6947] ? __pfx_snd_mixer_oss_ioctl1+0x10/0x10 [ 141.798675][ T6947] ? do_vfs_ioctl+0xbe8/0x1430 [ 141.798693][ T6947] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 141.798712][ T6947] ? __lock_acquire+0xab9/0xd20 [ 141.798745][ T6947] snd_mixer_oss_ioctl_card+0x10b/0x160 [ 141.798770][ T6947] ? __pfx_snd_mixer_oss_ioctl_card+0x10/0x10 [ 141.798795][ T6947] ? __fget_files+0x2a/0x420 [ 141.798810][ T6947] ? __fget_files+0x3a0/0x420 [ 141.798822][ T6947] snd_pcm_oss_ioctl+0x264/0xdd0 [ 141.798838][ T6947] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 141.798852][ T6947] __se_sys_ioctl+0xfc/0x170 [ 141.798865][ T6947] do_syscall_64+0xfa/0x3b0 [ 141.798878][ T6947] ? lockdep_hardirqs_on+0x9c/0x150 [ 141.798895][ T6947] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.798911][ T6947] ? clear_bhb_loop+0x60/0xb0 [ 141.798932][ T6947] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.798947][ T6947] RIP: 0033:0x7f18f3b8ec29 [ 141.798963][ T6947] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 141.798971][ T6947] RSP: 002b:00007f18f4a94038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 141.798981][ T6947] RAX: ffffffffffffffda RBX: 00007f18f3dd5fa0 RCX: 00007f18f3b8ec29 [ 141.798988][ T6947] RDX: 0000200000000100 RSI: 00000000c0044dff RDI: 0000000000000005 [ 141.798994][ T6947] RBP: 00007f18f4a94090 R08: 0000000000000000 R09: 0000000000000000 [ 141.799000][ T6947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 141.799005][ T6947] R13: 00007f18f3dd6038 R14: 00007f18f3dd5fa0 R15: 00007f18f3effa28 [ 141.799022][ T6947] [ 142.416456][ T886] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 142.665232][ T886] usb 4-1: device descriptor read/64, error -71 [ 142.905351][ T886] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 143.066037][ T886] usb 4-1: device descriptor read/64, error -71 [ 143.222341][ T886] usb usb4-port1: attempt power cycle [ 143.446706][ T6971] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 143.595161][ T5957] usb 1-1: unable to get BOS descriptor or descriptor too short [ 143.616555][ T5957] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 143.638213][ T5957] usb 1-1: can't read configurations, error -71 [ 143.744218][ T886] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 143.797180][ T886] usb 4-1: device descriptor read/8, error -71 [ 144.216059][ T886] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 144.263593][ T886] usb 4-1: device descriptor read/8, error -71 [ 144.386210][ T886] usb usb4-port1: unable to enumerate USB device [ 145.417209][ T5947] usb 3-1: new low-speed USB device number 13 using dummy_hcd [ 145.626498][ T5947] usb 3-1: Invalid ep0 maxpacket: 16 [ 145.855181][ T5947] usb 3-1: new low-speed USB device number 14 using dummy_hcd [ 145.878670][ T6998] JFS: charset not found [ 146.055813][ T5947] usb 3-1: Invalid ep0 maxpacket: 16 [ 146.082680][ T5947] usb usb3-port1: attempt power cycle [ 146.506439][ T5947] usb 3-1: new low-speed USB device number 15 using dummy_hcd [ 146.551558][ T5947] usb 3-1: Invalid ep0 maxpacket: 16 [ 146.715267][ T5947] usb 3-1: new low-speed USB device number 16 using dummy_hcd [ 146.753932][ T5947] usb 3-1: Invalid ep0 maxpacket: 16 [ 146.763905][ T5947] usb usb3-port1: unable to enumerate USB device [ 147.763194][ T5947] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 148.075726][ T5947] usb 4-1: device descriptor read/64, error -71 [ 148.315519][ T5947] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 148.492515][ T5947] usb 4-1: device descriptor read/64, error -71 [ 148.560931][ T7042] trusted_key: syz.2.275 sent an empty control message without MSG_MORE. [ 148.643768][ T5947] usb usb4-port1: attempt power cycle [ 148.935218][ T5954] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 149.035196][ T5947] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 149.066109][ T5947] usb 4-1: device descriptor read/8, error -71 [ 149.115329][ T5954] usb 3-1: Using ep0 maxpacket: 16 [ 149.135373][ T5954] usb 3-1: config 0 has an invalid interface number: 109 but max is 0 [ 149.153834][ T5954] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 149.177808][ T5954] usb 3-1: config 0 has no interface number 0 [ 149.217480][ T5954] usb 3-1: New USB device found, idVendor=0421, idProduct=0094, bcdDevice=28.8e [ 149.262620][ T5954] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.271105][ T5954] usb 3-1: Product: syz [ 149.279945][ T5954] usb 3-1: Manufacturer: syz [ 149.286860][ T5954] usb 3-1: SerialNumber: syz [ 149.301858][ T5954] usb 3-1: config 0 descriptor?? [ 149.315442][ T5947] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 149.329947][ T5954] cdc_acm 3-1:0.109: Zero length descriptor references [ 149.345870][ T5954] cdc_acm 3-1:0.109: probe with driver cdc_acm failed with error -22 [ 149.357994][ T5947] usb 4-1: device descriptor read/8, error -71 [ 149.467479][ T5947] usb usb4-port1: unable to enumerate USB device [ 149.474305][ T7047] kvm: user requested TSC rate below hardware speed [ 149.776618][ T886] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 149.784283][ T5957] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 149.945397][ T5957] usb 5-1: Using ep0 maxpacket: 32 [ 149.952961][ T886] usb 2-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 149.964948][ T886] usb 2-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 149.977500][ T5957] usb 5-1: config 2 has an invalid interface number: 91 but max is 0 [ 149.985707][ T5957] usb 5-1: config 2 has no interface number 0 [ 149.991955][ T886] usb 2-1: config 0 interface 0 has no altsetting 0 [ 150.004164][ T5957] usb 5-1: config 2 interface 91 altsetting 8 endpoint 0xB has invalid maxpacket 1023, setting to 64 [ 150.019687][ T886] usb 2-1: New USB device found, idVendor=10c4, idProduct=8acf, bcdDevice= 0.00 [ 150.037449][ T5957] usb 5-1: config 2 interface 91 has no altsetting 0 [ 150.045814][ T886] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 150.068034][ T5957] usb 5-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=98.5f [ 150.077490][ T5957] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.085671][ T5957] usb 5-1: Product: syz [ 150.090616][ T5957] usb 5-1: Manufacturer: syz [ 150.099808][ T5957] usb 5-1: SerialNumber: syz [ 150.114054][ T886] usb 2-1: config 0 descriptor?? [ 150.122665][ T7045] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 150.443886][ T5957] vmk80xx 5-1:2.91: driver 'vmk80xx' failed to auto-configure device. [ 150.500604][ T5957] usb 5-1: USB disconnect, device number 14 [ 150.670567][ T886] hid-u2fzero 0003:10C4:8ACF.0004: hidraw0: USB HID v0.00 Device [HID 10c4:8acf] on usb-dummy_hcd.1-1/input0 [ 150.733796][ T886] hid-u2fzero 0003:10C4:8ACF.0004: U2F Zero LED initialised [ 150.749256][ T886] hid-u2fzero 0003:10C4:8ACF.0004: U2F Zero RNG initialised [ 150.845206][ T5954] usb 2-1: USB disconnect, device number 9 [ 150.903994][ T7060] fido_id[7060]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 151.490287][ T5954] usb 3-1: USB disconnect, device number 17 [ 152.693864][ T7090] openvswitch: netlink: IP tunnel dst address not specified [ 152.761296][ T7091] openvswitch: netlink: IP tunnel dst address not specified [ 152.968743][ T7099] FAULT_INJECTION: forcing a failure. [ 152.968743][ T7099] name failslab, interval 1, probability 0, space 0, times 0 [ 152.981635][ T7099] CPU: 0 UID: 0 PID: 7099 Comm: syz.2.295 Not tainted syzkaller #0 PREEMPT(full) [ 152.981650][ T7099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 152.981656][ T7099] Call Trace: [ 152.981661][ T7099] [ 152.981666][ T7099] dump_stack_lvl+0x189/0x250 [ 152.981682][ T7099] ? __pfx____ratelimit+0x10/0x10 [ 152.981694][ T7099] ? __pfx_dump_stack_lvl+0x10/0x10 [ 152.981705][ T7099] ? __pfx__printk+0x10/0x10 [ 152.981726][ T7099] should_fail_ex+0x414/0x560 [ 152.981744][ T7099] should_failslab+0xa8/0x100 [ 152.981760][ T7099] __kmalloc_cache_noprof+0x70/0x3d0 [ 152.981773][ T7099] ? sctp_add_bind_addr+0x8c/0x370 [ 152.981785][ T7099] sctp_add_bind_addr+0x8c/0x370 [ 152.981796][ T7099] sctp_copy_local_addr_list+0x30b/0x4e0 [ 152.981814][ T7099] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 152.981829][ T7099] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 152.981844][ T7099] ? sctp_v6_is_any+0x64/0x80 [ 152.981855][ T7099] ? sctp_copy_one_addr+0x93/0x360 [ 152.981866][ T7099] sctp_bind_addr_copy+0xb3/0x3c0 [ 152.981875][ T7099] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 152.981891][ T7099] sctp_connect_new_asoc+0x2e0/0x690 [ 152.981904][ T7099] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 152.981915][ T7099] ? __local_bh_enable_ip+0x12d/0x1c0 [ 152.981928][ T7099] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 152.981940][ T7099] ? security_sctp_bind_connect+0x7e/0x2e0 [ 152.981955][ T7099] sctp_sendmsg+0x155c/0x2810 [ 152.981972][ T7099] ? __pfx_sctp_sendmsg+0x10/0x10 [ 152.981985][ T7099] ? aa_sk_perm+0x81e/0x950 [ 152.982003][ T7099] ? __pfx_aa_sk_perm+0x10/0x10 [ 152.982019][ T7099] ? sock_rps_record_flow+0x19/0x410 [ 152.982035][ T7099] ? inet_sendmsg+0x2f4/0x370 [ 152.982050][ T7099] __sock_sendmsg+0x19c/0x270 [ 152.982067][ T7099] __sys_sendto+0x3bd/0x520 [ 152.982080][ T7099] ? __pfx___sys_sendto+0x10/0x10 [ 152.982089][ T7099] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 152.982107][ T7099] ? __fget_files+0x3a0/0x420 [ 152.982122][ T7099] ? ksys_write+0x22a/0x250 [ 152.982136][ T7099] ? __pfx_ksys_write+0x10/0x10 [ 152.982147][ T7099] ? rcu_is_watching+0x15/0xb0 [ 152.982160][ T7099] __x64_sys_sendto+0xde/0x100 [ 152.982173][ T7099] do_syscall_64+0xfa/0x3b0 [ 152.982183][ T7099] ? lockdep_hardirqs_on+0x9c/0x150 [ 152.982192][ T7099] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.982202][ T7099] ? clear_bhb_loop+0x60/0xb0 [ 152.982213][ T7099] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.982222][ T7099] RIP: 0033:0x7fe81638ec29 [ 152.982231][ T7099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 152.982239][ T7099] RSP: 002b:00007fe817163038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 152.982250][ T7099] RAX: ffffffffffffffda RBX: 00007fe8165d5fa0 RCX: 00007fe81638ec29 [ 152.982256][ T7099] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000004 [ 152.982262][ T7099] RBP: 00007fe817163090 R08: 0000200000000100 R09: 000000000000001c [ 152.982268][ T7099] R10: 0000000024004000 R11: 0000000000000246 R12: 0000000000000002 [ 152.982274][ T7099] R13: 00007fe8165d6038 R14: 00007fe8165d5fa0 R15: 00007fe8166ffa28 [ 152.982289][ T7099] [ 153.588597][ T7106] loop6: detected capacity change from 0 to 7 [ 153.597875][ T7106] Dev loop6: unable to read RDB block 7 [ 153.603476][ T7106] loop6: AHDI p2 p3 [ 153.611829][ T7106] loop6: partition table partially beyond EOD, truncated [ 153.624550][ T7106] loop6: p2 size 46 extends beyond EOD, truncated [ 153.701828][ T7107] tty tty4: ldisc open failed (-12), clearing slot 3 [ 153.830906][ T5957] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 154.146887][ T5957] usb 5-1: device descriptor read/64, error -71 [ 154.156803][ T6098] udevd[6098]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 154.647891][ T7117] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 154.655233][ T5957] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 154.846577][ T5957] usb 5-1: device descriptor read/64, error -71 [ 154.931198][ T7125] netlink: 4400 bytes leftover after parsing attributes in process `syz.0.298'. [ 154.976795][ T7125] debugfs: 'Ç`]Š •Iöq¯!¾>Ýsó³Îú*Š®!)\Ç' already exists in 'ieee80211' [ 154.985919][ T5957] usb usb5-port1: attempt power cycle [ 155.648387][ T5957] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 155.715542][ C0] raw-gadget.0 gadget.4: ignoring, device is not running [ 155.725290][ T5957] usb 5-1: device descriptor read/8, error -32 [ 155.946555][ T5954] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 155.964888][ T7139] netlink: 4 bytes leftover after parsing attributes in process `syz.3.303'. [ 156.125319][ T5954] usb 1-1: Using ep0 maxpacket: 16 [ 156.155557][ T5954] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 156.194581][ T5954] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 156.209452][ T5954] usb 1-1: New USB device found, idVendor=056a, idProduct=0084, bcdDevice= 0.00 [ 156.219237][ T5954] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.308977][ T5957] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 156.326826][ T5954] usb 1-1: config 0 descriptor?? [ 156.460682][ T5957] usb 5-1: config 0 has an invalid interface number: 3 but max is 0 [ 156.476062][ T5957] usb 5-1: config 0 has no interface number 0 [ 156.491407][ T5957] usb 5-1: config 0 interface 3 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 156.519732][ T5957] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0093, bcdDevice=23.5a [ 156.529462][ T5957] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 156.625876][ T5957] usb 5-1: Product: syz [ 156.640418][ T5957] usb 5-1: Manufacturer: syz [ 156.686143][ T7154] libceph: resolve '0.' (ret=-3): failed [ 156.695131][ T5957] usb 5-1: SerialNumber: syz [ 156.793943][ T5957] usb 5-1: config 0 descriptor?? [ 156.885202][ T43] usb 4-1: new full-speed USB device number 19 using dummy_hcd [ 157.059783][ T5954] usb 1-1: USB disconnect, device number 9 [ 157.114028][ T43] usb 4-1: config 0 has an invalid interface number: 207 but max is 0 [ 157.122758][ T43] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 157.141442][ T43] usb 4-1: config 0 has no interface number 0 [ 157.187997][ T43] usb 4-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd [ 157.214750][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.266689][ T43] usb 4-1: Product: syz [ 157.310575][ T43] usb 4-1: Manufacturer: syz [ 157.362798][ T43] usb 4-1: SerialNumber: syz [ 157.430920][ T43] usb 4-1: config 0 descriptor?? [ 157.458687][ T43] qmi_wwan 4-1:0.207: probe with driver qmi_wwan failed with error -22 [ 157.674842][ T5957] usb 5-1: USB disconnect, device number 18 [ 157.738911][ T7169] tipc: Started in network mode [ 157.758203][ T7169] tipc: Node identity ac14140f, cluster identity 4711 [ 157.779902][ T7169] tipc: New replicast peer: 255.255.255.255 [ 157.876156][ T7169] tipc: Enabled bearer , priority 10 [ 158.245233][ T886] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 158.455420][ T886] usb 5-1: Using ep0 maxpacket: 8 [ 158.671366][ T886] usb 5-1: config 0 has an invalid descriptor of length 106, skipping remainder of the config [ 158.681894][ T886] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 158.933551][ T886] usb 5-1: New USB device found, idVendor=0e41, idProduct=0842, bcdDevice=bc.76 [ 158.943027][ T886] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.973528][ T886] usb 5-1: Product: syz [ 158.983628][ T886] usb 5-1: Manufacturer: syz [ 159.006176][ T43] tipc: Node number set to 2886997007 [ 159.051490][ T886] usb 5-1: SerialNumber: syz [ 159.120856][ T886] usb 5-1: config 0 descriptor?? [ 159.870304][ T7193] netlink: 8 bytes leftover after parsing attributes in process `syz.4.313'. [ 160.095489][ T5957] usb 4-1: USB disconnect, device number 19 [ 160.241721][ T7198] lo: left promiscuous mode [ 160.249028][ T7198] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 160.419874][ T7207] netlink: 8 bytes leftover after parsing attributes in process `syz.3.318'. [ 160.432362][ T7207] netlink: 24 bytes leftover after parsing attributes in process `syz.3.318'. [ 160.536659][ T7210] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 160.543355][ T7210] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 160.600816][ T7210] vhci_hcd vhci_hcd.0: Device attached [ 160.835220][ T5957] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 160.835262][ T5954] usb 37-1: new low-speed USB device number 2 using vhci_hcd [ 160.985143][ T5957] usb 3-1: Using ep0 maxpacket: 16 [ 160.992056][ T5957] usb 3-1: config 0 has no interfaces? [ 160.997846][ T5957] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 161.007236][ T5957] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.018268][ T5957] usb 3-1: config 0 descriptor?? [ 161.240134][ T7211] usbip_core: unknown command [ 161.245550][ T43] usb 3-1: USB disconnect, device number 18 [ 161.264004][ T7211] vhci_hcd: unknown pdu 67108864 [ 161.282380][ T7211] usbip_core: unknown command [ 161.316915][ T7217] netlink: 16 bytes leftover after parsing attributes in process `syz.3.324'. [ 161.328512][ T49] vhci_hcd: stop threads [ 161.333855][ T49] vhci_hcd: release socket [ 161.340414][ T49] vhci_hcd: disconnect device [ 161.535191][ T5947] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 161.803978][ T5947] usb 1-1: config 0 has an invalid interface number: 3 but max is 0 [ 161.825499][ T5947] usb 1-1: config 0 has no interface number 0 [ 161.831653][ T5947] usb 1-1: config 0 interface 3 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 161.966774][ T5947] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0093, bcdDevice=23.5a [ 162.003551][ T5947] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 162.044785][ T5947] usb 1-1: Product: syz [ 162.065371][ T5947] usb 1-1: Manufacturer: syz [ 162.092913][ T5947] usb 1-1: SerialNumber: syz [ 162.134466][ T5947] usb 1-1: config 0 descriptor?? [ 162.232526][ T5957] usb 5-1: USB disconnect, device number 19 [ 162.453215][ T7255] fuse: Unknown parameter 'ÜÄ' [ 162.477495][ T7256] netlink: 8 bytes leftover after parsing attributes in process `syz.2.336'. [ 162.503642][ T7256] netlink: 12 bytes leftover after parsing attributes in process `syz.2.336'. [ 162.581294][ T7256] netlink: 8 bytes leftover after parsing attributes in process `syz.2.336'. [ 162.590338][ T1157] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 162.615901][ T1157] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 162.624782][ T7256] netlink: 12 bytes leftover after parsing attributes in process `syz.2.336'. [ 162.634999][ T1157] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 162.644985][ T1157] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 163.070927][ T5947] usb 1-1: USB disconnect, device number 10 [ 163.415568][ T7263] fuse: Bad value for 'fd' [ 163.479789][ T7284] TCP: TCP_TX_DELAY enabled [ 163.841086][ T7288] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 164.138267][ T5947] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 164.330465][ T5947] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 164.355160][ T5947] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 164.464704][ T5947] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 164.482168][ T5947] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.503406][ T7288] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 164.522493][ T5947] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 165.165880][ T5947] usb 4-1: USB disconnect, device number 20 [ 166.083134][ T5954] vhci_hcd: vhci_device speed not set [ 167.192830][ T7324] netlink: 'syz.2.356': attribute type 2 has an invalid length. [ 167.256723][ T7322] netlink: 92 bytes leftover after parsing attributes in process `syz.3.355'. [ 167.266118][ T7328] netlink: 16 bytes leftover after parsing attributes in process `syz.0.357'. [ 167.285306][ T7324] netlink: 132 bytes leftover after parsing attributes in process `syz.2.356'. [ 168.204042][ T7330] fuse: Bad value for 'fd' [ 168.532570][ T7342] netlink: 'syz.3.362': attribute type 39 has an invalid length. [ 168.899968][ T5954] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 169.087622][ T5954] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 169.105650][ T5954] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 169.170946][ T5871] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 169.365287][ T5954] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 169.414628][ T5954] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.458030][ T5954] usb 1-1: config 0 descriptor?? [ 169.541404][ T5871] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 169.620453][ T5871] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 169.704411][ T5871] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 169.728036][ T5871] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 169.735756][ T5927] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 169.849961][ T5871] usb 3-1: SerialNumber: syz [ 169.901850][ T5927] usb 2-1: config 0 has an invalid interface number: 3 but max is 0 [ 169.934340][ T5927] usb 2-1: config 0 has no interface number 0 [ 169.961871][ T5927] usb 2-1: config 0 interface 3 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 169.998451][ T5927] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0093, bcdDevice=23.5a [ 170.008996][ T5927] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 170.009392][ T7363] netlink: 5 bytes leftover after parsing attributes in process `syz.0.363'. [ 170.031905][ T5927] usb 2-1: Product: syz [ 170.069160][ T5927] usb 2-1: Manufacturer: syz [ 170.079972][ T5927] usb 2-1: SerialNumber: syz [ 170.174676][ T5927] usb 2-1: config 0 descriptor?? [ 170.204748][ T5954] usbhid 1-1:0.0: can't add hid device: -71 [ 170.220062][ T5954] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 170.253310][ T5954] usb 1-1: USB disconnect, device number 11 [ 170.264396][ T7342] binder: 7341:7342 ioctl c0306201 200000000640 returned -22 [ 171.290887][ T5927] usb 2-1: USB disconnect, device number 10 [ 171.811649][ T7381] netlink: 56 bytes leftover after parsing attributes in process `syz.1.370'. [ 172.082435][ T7381] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 172.365244][ T5954] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 172.765785][ T5954] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 172.808161][ T5954] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 172.926418][ T5954] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 173.040283][ T5954] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 173.143877][ T5954] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 173.239931][ T5954] usb 2-1: Product: syz [ 173.260446][ T5954] usb 2-1: Manufacturer: syz [ 173.275116][ T5954] usb 2-1: SerialNumber: syz [ 173.309027][ T5871] usb 3-1: 0:2 : does not exist [ 173.341979][ T5954] hub 2-1:1.0: bad descriptor, ignoring hub [ 173.363548][ T5954] hub 2-1:1.0: probe with driver hub failed with error -5 [ 173.463518][ T5871] usb 3-1: USB disconnect, device number 19 [ 173.609641][ T5954] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 11 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 173.667266][ T6363] udevd[6363]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 173.759855][ T7402] netlink: 88 bytes leftover after parsing attributes in process `syz.0.377'. [ 173.796923][ T7402] input: syz1 as /devices/virtual/input/input7 [ 173.855917][ T5954] usb 2-1: USB disconnect, device number 11 [ 173.865189][ T5954] usblp0: removed [ 174.310062][ T7408] netlink: 'syz.2.376': attribute type 2 has an invalid length. [ 174.325449][ T7408] netlink: 119 bytes leftover after parsing attributes in process `syz.2.376'. [ 174.937394][ T7394] fuse: Bad value for 'fd' [ 175.108596][ T7412] loop6: detected capacity change from 0 to 7 [ 175.122778][ T7412] Dev loop6: unable to read RDB block 7 [ 175.135679][ T7412] loop6: unable to read partition table [ 175.149636][ T7412] loop6: partition table beyond EOD, truncated [ 175.157277][ T7412] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 175.415578][ T886] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 175.566788][ T7423] netlink: 92 bytes leftover after parsing attributes in process `syz.3.380'. [ 175.760418][ T886] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 175.781962][ T886] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 175.893985][ T886] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 176.016383][ T886] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.038014][ T886] usb 3-1: config 0 descriptor?? [ 176.194064][ T43] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 176.395434][ T43] usb 1-1: device descriptor read/64, error -71 [ 176.705187][ T43] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 176.847445][ T7443] netlink: 5 bytes leftover after parsing attributes in process `syz.2.379'. [ 176.859956][ T43] usb 1-1: device descriptor read/64, error -71 [ 176.976788][ T43] usb usb1-port1: attempt power cycle [ 177.106127][ T886] usbhid 3-1:0.0: can't add hid device: -71 [ 177.112810][ T886] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 177.132877][ T886] usb 3-1: USB disconnect, device number 20 [ 177.707243][ T43] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 177.820450][ T43] usb 1-1: device descriptor read/8, error -71 [ 177.975213][ T5957] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 178.107934][ T43] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 178.226572][ T43] usb 1-1: device descriptor read/8, error -71 [ 178.256795][ T5957] usb 4-1: Using ep0 maxpacket: 8 [ 178.271434][ T5957] usb 4-1: too many configurations: 188, using maximum allowed: 8 [ 178.281113][ T5957] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 178.297389][ T5957] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 178.316359][ T5957] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 178.333875][ T5957] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 178.350843][ T5957] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 178.366004][ T5957] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 178.383376][ T5957] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 178.395819][ T5957] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 178.396036][ T43] usb usb1-port1: unable to enumerate USB device [ 178.412511][ T5957] usb 4-1: New USB device found, idVendor=0e9c, idProduct=1b90, bcdDevice=83.00 [ 178.422000][ T5957] usb 4-1: New USB device strings: Mfr=211, Product=192, SerialNumber=233 [ 178.440587][ T5957] usb 4-1: Product: syz [ 178.448331][ T7460] netlink: 92 bytes leftover after parsing attributes in process `syz.1.388'. [ 178.461205][ T5957] usb 4-1: Manufacturer: syz [ 178.585117][ T5957] usb 4-1: SerialNumber: syz [ 178.602185][ T5957] usb 4-1: config 0 descriptor?? [ 179.210183][ T7464] input: syz1 as /devices/virtual/input/input8 [ 179.993176][ T7470] pimreg: entered allmulticast mode [ 180.065501][ T24] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 180.245177][ T24] usb 2-1: config 0 has an invalid interface number: 3 but max is 0 [ 180.255877][ T24] usb 2-1: config 0 has no interface number 0 [ 180.263224][ T24] usb 2-1: config 0 interface 3 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 180.281144][ T24] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0093, bcdDevice=23.5a [ 180.304520][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 180.318893][ T24] usb 2-1: Product: syz [ 180.328215][ T24] usb 2-1: Manufacturer: syz [ 180.342855][ T24] usb 2-1: SerialNumber: syz [ 180.380590][ T5957] usb 1-1: new full-speed USB device number 16 using dummy_hcd [ 180.381386][ T24] usb 2-1: config 0 descriptor?? [ 180.547275][ T5957] usb 1-1: config index 0 descriptor too short (expected 69, got 36) [ 180.558590][ T5957] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 180.569637][ T5957] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 180.584326][ T5957] usb 1-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89 [ 180.594153][ T5957] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 180.663826][ T5957] usb 1-1: Product: syz [ 180.679670][ T7422] syz.4.381 (7422): drop_caches: 1 [ 180.694972][ T5957] usb 1-1: Manufacturer: syz [ 180.700501][ T5957] usb 1-1: SerialNumber: syz [ 180.713057][ T5957] usb 1-1: config 0 descriptor?? [ 180.760096][ T7428] syz.4.381 (7428): drop_caches: 1 [ 180.929098][ T7478] netlink: 'syz.0.394': attribute type 3 has an invalid length. [ 180.939794][ T5954] usb 1-1: USB disconnect, device number 16 [ 181.313098][ T24] usb 2-1: USB disconnect, device number 12 [ 181.411176][ T886] usb 4-1: USB disconnect, device number 21 [ 181.495281][ T5957] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 181.692284][ T7500] IPv6: addrconf: prefix option has invalid lifetime [ 181.715161][ T5957] usb 5-1: Using ep0 maxpacket: 32 [ 181.754996][ T5957] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 181.772867][ T5957] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 181.804558][ T5957] usb 5-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 181.875562][ T5957] usb 5-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 181.884160][ T5957] usb 5-1: Product: syz [ 181.888590][ T5957] usb 5-1: Manufacturer: syz [ 181.893210][ T5957] usb 5-1: SerialNumber: syz [ 181.908211][ T5957] input: appletouch as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/input/input9 [ 181.917652][ T886] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 182.085314][ T5954] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 182.087184][ T886] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 182.101959][ T886] usb 1-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 182.186195][ T886] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 182.210095][ T7490] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 182.219813][ T7490] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 182.249928][ T886] usb 1-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 182.297592][ T5954] usb 4-1: device descriptor read/64, error -71 [ 182.348070][ T886] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 182.363504][ T886] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 182.400760][ T886] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 182.410092][ T5957] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 182.434130][ T886] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 182.463265][ T886] usb 1-1: Product: syz [ 182.481652][ T886] usb 1-1: Manufacturer: syz [ 182.490446][ T7497] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 182.499197][ T886] cdc_wdm 1-1:1.0: skipping garbage [ 182.506276][ T886] cdc_wdm 1-1:1.0: skipping garbage [ 182.527204][ T886] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 182.533302][ T886] cdc_wdm 1-1:1.0: Unknown control protocol [ 182.555365][ T24] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 182.563616][ T5954] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 182.605428][ T5957] usb 2-1: Using ep0 maxpacket: 32 [ 182.613095][ T5957] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 182.635725][ T5957] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 182.672563][ T5957] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 182.692542][ T5957] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.695263][ T5954] usb 4-1: device descriptor read/64, error -71 [ 182.719060][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 182.725247][ T24] usb 3-1: Using ep0 maxpacket: 16 [ 182.725830][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 182.737380][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 182.743987][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 182.750259][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 182.756845][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 182.763081][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 182.769668][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 182.775962][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 182.782555][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 182.788827][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 182.795420][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 182.801657][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 182.808245][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 182.814506][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 182.821091][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 182.827333][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 182.833919][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 182.840184][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 182.842619][ T43] usb 1-1: USB disconnect, device number 17 [ 182.846785][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 182.846806][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 182.873599][ T5957] usb 2-1: config 0 descriptor?? [ 182.887391][ T5954] usb usb4-port1: attempt power cycle [ 182.907730][ T24] usb 3-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 182.914654][ T5957] hub 2-1:0.0: USB hub found [ 182.923573][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 182.935260][ T24] usb 3-1: Product: syz [ 182.939447][ T24] usb 3-1: Manufacturer: syz [ 182.949373][ T24] usb 3-1: SerialNumber: syz [ 182.960242][ T24] usb 3-1: config 0 descriptor?? [ 183.158311][ T5957] hub 2-1:0.0: 1 port detected [ 183.236878][ T24] dvb_usb_dtv5100 3-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -71 [ 183.261474][ T24] usb 3-1: USB disconnect, device number 21 [ 183.269106][ T5954] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 183.309286][ T5954] usb 4-1: device descriptor read/8, error -71 [ 183.555810][ T5954] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 183.617922][ T5954] usb 4-1: device descriptor read/8, error -71 [ 183.738792][ T5957] hub 2-1:0.0: activate --> -90 [ 183.750865][ T5954] usb usb4-port1: unable to enumerate USB device [ 183.992130][ T5957] hub 2-1:0.0: hub_ext_port_status failed (err = -71) [ 184.001807][ T5957] usb 2-1: USB disconnect, device number 13 [ 184.008084][ T886] usb 2-1: Failed to suspend device, error -19 [ 184.070086][ T24] usb 5-1: USB disconnect, device number 20 [ 184.100261][ T30] kauditd_printk_skb: 15 callbacks suppressed [ 184.100577][ T30] audit: type=1326 audit(1758500175.971:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7522 comm="syz.0.407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b7a98ec29 code=0x7ffc0000 [ 184.185135][ T30] audit: type=1326 audit(1758500175.971:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7522 comm="syz.0.407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b7a98ec29 code=0x7ffc0000 [ 184.221288][ T30] audit: type=1326 audit(1758500175.971:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7522 comm="syz.0.407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f4b7a98ec29 code=0x7ffc0000 [ 184.222853][ T24] appletouch 5-1:1.0: input: appletouch disconnected [ 184.251137][ T30] audit: type=1326 audit(1758500175.971:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7522 comm="syz.0.407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b7a98ec29 code=0x7ffc0000 [ 184.285619][ T30] audit: type=1326 audit(1758500175.971:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7522 comm="syz.0.407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b7a98ec29 code=0x7ffc0000 [ 184.314692][ T7531] netlink: 64 bytes leftover after parsing attributes in process `syz.4.409'. [ 184.335469][ T886] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 184.497249][ T886] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 184.522856][ T886] usb 3-1: config 0 interface 0 has no altsetting 0 [ 184.535252][ T5957] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 184.550741][ T886] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 184.559441][ T7539] FAULT_INJECTION: forcing a failure. [ 184.559441][ T7539] name failslab, interval 1, probability 0, space 0, times 0 [ 184.570408][ T886] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 184.578534][ T7539] CPU: 1 UID: 0 PID: 7539 Comm: syz.1.413 Not tainted syzkaller #0 PREEMPT(full) [ 184.578560][ T7539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 184.578570][ T7539] Call Trace: [ 184.578578][ T7539] [ 184.578585][ T7539] dump_stack_lvl+0x189/0x250 [ 184.578610][ T7539] ? __pfx____ratelimit+0x10/0x10 [ 184.578628][ T7539] ? __pfx_dump_stack_lvl+0x10/0x10 [ 184.578647][ T7539] ? __pfx__printk+0x10/0x10 [ 184.578671][ T7539] ? __pfx___might_resched+0x10/0x10 [ 184.578687][ T7539] ? fs_reclaim_acquire+0x7d/0x100 [ 184.578707][ T7539] should_fail_ex+0x414/0x560 [ 184.578736][ T7539] should_failslab+0xa8/0x100 [ 184.578759][ T7539] __kmalloc_cache_noprof+0x70/0x3d0 [ 184.578780][ T7539] ? snd_mixer_oss_put_volume1_sw+0xbe/0x3f0 [ 184.578807][ T7539] snd_mixer_oss_put_volume1_sw+0xbe/0x3f0 [ 184.578835][ T7539] snd_mixer_oss_put_recsrc1_sw+0x65/0x90 [ 184.578856][ T7539] ? __pfx_snd_mixer_oss_put_recsrc1_sw+0x10/0x10 [ 184.578878][ T7539] snd_mixer_oss_set_recsrc+0x269/0x430 [ 184.578905][ T7539] ? __pfx_snd_mixer_oss_set_recsrc+0x10/0x10 [ 184.578929][ T7539] ? __might_fault+0xb0/0x130 [ 184.578961][ T7539] snd_mixer_oss_ioctl1+0xe76/0x19f0 [ 184.578982][ T7539] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 184.579008][ T7539] ? __pfx_snd_mixer_oss_ioctl1+0x10/0x10 [ 184.579026][ T7539] ? do_vfs_ioctl+0xbe8/0x1430 [ 184.579048][ T7539] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 184.579081][ T7539] ? __lock_acquire+0xab9/0xd20 [ 184.579116][ T7539] snd_mixer_oss_ioctl_card+0x10b/0x160 [ 184.579139][ T7539] ? __pfx_snd_mixer_oss_ioctl_card+0x10/0x10 [ 184.579164][ T7539] ? __fget_files+0x2a/0x420 [ 184.579178][ T7539] ? __fget_files+0x3a0/0x420 [ 184.579197][ T7539] snd_pcm_oss_ioctl+0x264/0xdd0 [ 184.579220][ T7539] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 184.579242][ T7539] __se_sys_ioctl+0xfc/0x170 [ 184.579264][ T7539] do_syscall_64+0xfa/0x3b0 [ 184.579281][ T7539] ? lockdep_hardirqs_on+0x9c/0x150 [ 184.579297][ T7539] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.579312][ T7539] ? clear_bhb_loop+0x60/0xb0 [ 184.579332][ T7539] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.579348][ T7539] RIP: 0033:0x7f022cb8ec29 [ 184.579363][ T7539] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 184.579378][ T7539] RSP: 002b:00007f022daec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 184.579400][ T7539] RAX: ffffffffffffffda RBX: 00007f022cdd5fa0 RCX: 00007f022cb8ec29 [ 184.579412][ T7539] RDX: 0000200000000100 RSI: 00000000c0044dff RDI: 0000000000000005 [ 184.579423][ T7539] RBP: 00007f022daec090 R08: 0000000000000000 R09: 0000000000000000 [ 184.579433][ T7539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 184.579443][ T7539] R13: 00007f022cdd6038 R14: 00007f022cdd5fa0 R15: 00007f022ceffa28 [ 184.579472][ T7539] [ 184.868397][ T886] usb 3-1: Product: syz [ 184.872575][ T886] usb 3-1: Manufacturer: syz [ 184.877319][ T886] usb 3-1: SerialNumber: syz [ 184.884644][ T886] usb 3-1: config 0 descriptor?? [ 184.908639][ T886] usb 3-1: selecting invalid altsetting 0 [ 184.912413][ T7541] netlink: 12 bytes leftover after parsing attributes in process `syz.1.414'. [ 184.945392][ T5957] usb 1-1: Using ep0 maxpacket: 32 [ 184.954414][ T5957] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 184.972239][ T5957] usb 1-1: New USB device found, idVendor=084f, idProduct=0001, bcdDevice= b.8c [ 184.984637][ T5957] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 185.017141][ T5957] usb 1-1: Product: syz [ 185.021357][ T5957] usb 1-1: Manufacturer: syz [ 185.035770][ T7544] netlink: 44 bytes leftover after parsing attributes in process `syz.4.415'. [ 185.057195][ T5957] usb 1-1: SerialNumber: syz [ 185.216752][ T7548] FAULT_INJECTION: forcing a failure. [ 185.216752][ T7548] name failslab, interval 1, probability 0, space 0, times 0 [ 185.239259][ T7548] CPU: 1 UID: 0 PID: 7548 Comm: syz.1.417 Not tainted syzkaller #0 PREEMPT(full) [ 185.239285][ T7548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 185.239295][ T7548] Call Trace: [ 185.239301][ T7548] [ 185.239309][ T7548] dump_stack_lvl+0x189/0x250 [ 185.239333][ T7548] ? __pfx____ratelimit+0x10/0x10 [ 185.239353][ T7548] ? __pfx_dump_stack_lvl+0x10/0x10 [ 185.239370][ T7548] ? __pfx__printk+0x10/0x10 [ 185.239401][ T7548] ? __pfx___might_resched+0x10/0x10 [ 185.239416][ T7548] ? fs_reclaim_acquire+0x7d/0x100 [ 185.239436][ T7548] should_fail_ex+0x414/0x560 [ 185.239465][ T7548] should_failslab+0xa8/0x100 [ 185.239489][ T7548] __kmalloc_noprof+0xcb/0x4f0 [ 185.239508][ T7548] ? kfree+0x4d/0x440 [ 185.239525][ T7548] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 185.239549][ T7548] tomoyo_realpath_from_path+0xe3/0x5d0 [ 185.239570][ T7548] ? tomoyo_domain+0xd9/0x130 [ 185.239594][ T7548] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 185.239617][ T7548] tomoyo_path_number_perm+0x1e8/0x5a0 [ 185.239642][ T7548] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 185.239685][ T7548] ? __lock_acquire+0xab9/0xd20 [ 185.239729][ T7548] ? __fget_files+0x2a/0x420 [ 185.239747][ T7548] ? __fget_files+0x2a/0x420 [ 185.239762][ T7548] ? __fget_files+0x3a0/0x420 [ 185.239776][ T7548] ? __fget_files+0x2a/0x420 [ 185.239796][ T7548] security_file_ioctl+0xcb/0x2d0 [ 185.239820][ T7548] __se_sys_ioctl+0x47/0x170 [ 185.239844][ T7548] do_syscall_64+0xfa/0x3b0 [ 185.239861][ T7548] ? lockdep_hardirqs_on+0x9c/0x150 [ 185.239878][ T7548] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.239902][ T7548] ? clear_bhb_loop+0x60/0xb0 [ 185.239923][ T7548] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.239939][ T7548] RIP: 0033:0x7f022cb8ec29 [ 185.239955][ T7548] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 185.239970][ T7548] RSP: 002b:00007f022dacb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 185.239989][ T7548] RAX: ffffffffffffffda RBX: 00007f022cdd6090 RCX: 00007f022cb8ec29 [ 185.240002][ T7548] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 185.240013][ T7548] RBP: 00007f022dacb090 R08: 0000000000000000 R09: 0000000000000000 [ 185.240023][ T7548] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 185.240034][ T7548] R13: 00007f022cdd6128 R14: 00007f022cdd6090 R15: 00007f022ceffa28 [ 185.240063][ T7548] [ 185.240187][ T7548] ERROR: Out of memory at tomoyo_realpath_from_path. [ 185.288978][ T5957] empeg 1-1:1.0: empeg converter detected [ 185.504809][ T5957] empeg 1-1:1.0: probe with driver empeg failed with error -71 [ 185.518167][ T5957] usb 1-1: USB disconnect, device number 18 [ 185.942774][ T30] audit: type=1400 audit(1758500177.781:56): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=7568 comm="syz.1.423" [ 186.108541][ T5954] usb 4-1: new full-speed USB device number 26 using dummy_hcd [ 186.233343][ T7577] team0: Device gtp0 is of different type [ 186.299213][ T5954] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 186.313235][ T5954] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 186.321684][ T5954] usb 4-1: Product: syz [ 186.326475][ T5954] usb 4-1: Manufacturer: syz [ 186.331193][ T5954] usb 4-1: SerialNumber: syz [ 186.350446][ T5954] usb 4-1: config 0 descriptor?? [ 186.656938][ T5954] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 187.066069][ T24] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 187.195324][ T5947] usb 3-1: USB disconnect, device number 22 [ 187.255778][ T24] usb 1-1: device descriptor read/64, error -71 [ 187.263492][ T5954] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 187.495188][ T24] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 187.655631][ T24] usb 1-1: device descriptor read/64, error -71 [ 187.765408][ T24] usb usb1-port1: attempt power cycle [ 187.977683][ T5957] usb 4-1: USB disconnect, device number 26 [ 188.178439][ T24] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 188.207504][ T24] usb 1-1: device descriptor read/8, error -71 [ 188.445197][ T24] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 188.526991][ T24] usb 1-1: device descriptor read/8, error -71 [ 188.675535][ T24] usb usb1-port1: unable to enumerate USB device [ 189.071070][ T7630] tipc: Enabled bearer , priority 0 [ 189.080772][ T7630] syzkaller0: entered promiscuous mode [ 189.086370][ T7630] syzkaller0: entered allmulticast mode [ 189.195173][ T24] usb 2-1: new full-speed USB device number 14 using dummy_hcd [ 189.387874][ T24] usb 2-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 189.400360][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.429367][ T24] usb 2-1: config 0 descriptor?? [ 190.228198][ T24] pegasus 2-1:0.0: probe with driver pegasus failed with error -71 [ 190.257475][ T24] usb 2-1: USB disconnect, device number 14 [ 191.515985][ T5957] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 191.664686][ T5957] usb 3-1: device descriptor read/64, error -71 [ 191.891407][ T7618] tipc: Resetting bearer [ 191.929746][ T7618] tipc: Disabling bearer [ 191.945357][ T5957] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 192.085228][ T5957] usb 3-1: device descriptor read/64, error -71 [ 192.146963][ T7659] tipc: Enabled bearer , priority 0 [ 192.154334][ T7659] syzkaller0: entered promiscuous mode [ 192.159957][ T7659] syzkaller0: entered allmulticast mode [ 192.244529][ T7659] syzkaller0: mtu less than device minimum [ 192.259589][ T5957] usb usb3-port1: attempt power cycle [ 192.293907][ T7658] tipc: Resetting bearer [ 192.406148][ T7658] tipc: Disabling bearer [ 192.467247][ T7668] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 192.487932][ T7668] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 192.615258][ T5957] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 192.625241][ T5954] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 192.640056][ T5957] usb 3-1: device descriptor read/8, error -71 [ 192.695633][ T5947] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 192.785341][ T5954] usb 4-1: config 0 has an invalid interface number: 3 but max is 0 [ 192.793515][ T5954] usb 4-1: config 0 has no interface number 0 [ 192.804090][ T30] audit: type=1326 audit(1758500184.661:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7672 comm="syz.0.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b7a98ec29 code=0x7ffc0000 [ 192.827661][ T5954] usb 4-1: config 0 interface 3 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 192.831494][ T30] audit: type=1326 audit(1758500184.661:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7672 comm="syz.0.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b7a98ec29 code=0x7ffc0000 [ 192.841226][ T5954] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0093, bcdDevice=23.5a [ 192.864957][ T30] audit: type=1326 audit(1758500184.661:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7672 comm="syz.0.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=304 compat=0 ip=0x7f4b7a98ec29 code=0x7ffc0000 [ 192.870012][ T5947] usb 2-1: device descriptor read/64, error -71 [ 192.903810][ T30] audit: type=1326 audit(1758500184.661:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7672 comm="syz.0.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b7a98ec29 code=0x7ffc0000 [ 192.908981][ T5954] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 192.926410][ T5957] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 192.953798][ T5954] usb 4-1: Product: syz [ 192.961227][ T5954] usb 4-1: Manufacturer: syz [ 192.969284][ T5954] usb 4-1: SerialNumber: syz [ 192.971551][ T30] audit: type=1326 audit(1758500184.661:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7672 comm="syz.0.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4b7a98ec29 code=0x7ffc0000 [ 192.999346][ T30] audit: type=1326 audit(1758500184.661:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7672 comm="syz.0.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b7a98ec29 code=0x7ffc0000 [ 192.999442][ T5954] usb 4-1: config 0 descriptor?? [ 193.025153][ T5957] usb 3-1: device descriptor read/8, error -71 [ 193.047982][ T30] audit: type=1326 audit(1758500184.661:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7672 comm="syz.0.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4b7a98ec29 code=0x7ffc0000 [ 193.076221][ T30] audit: type=1326 audit(1758500184.661:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7672 comm="syz.0.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b7a98ec29 code=0x7ffc0000 [ 193.102166][ T30] audit: type=1326 audit(1758500184.661:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7672 comm="syz.0.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f4b7a98ec29 code=0x7ffc0000 [ 193.128567][ T30] audit: type=1326 audit(1758500184.661:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7672 comm="syz.0.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b7a98ec29 code=0x7ffc0000 [ 193.156123][ T5957] usb usb3-port1: unable to enumerate USB device [ 193.186933][ T5947] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 193.376541][ T5947] usb 2-1: device descriptor read/64, error -71 [ 193.453336][ T7682] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 193.459694][ T7682] syzkaller1: linktype set to 769 [ 193.497069][ T5947] usb usb2-port1: attempt power cycle [ 193.846839][ T5947] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 193.864129][ T5954] usb 4-1: USB disconnect, device number 27 [ 193.904486][ T5947] usb 2-1: device descriptor read/8, error -71 [ 194.056893][ T7697] loop6: detected capacity change from 0 to 7 [ 194.073095][ T7697] Buffer I/O error on dev loop6, logical block 0, async page read [ 194.143093][ T7697] Buffer I/O error on dev loop6, logical block 0, async page read [ 194.151361][ T5957] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 194.163984][ T7697] Buffer I/O error on dev loop6, logical block 0, async page read [ 194.166775][ T5947] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 194.173698][ T7697] Buffer I/O error on dev loop6, logical block 0, async page read [ 194.190256][ T7697] Buffer I/O error on dev loop6, logical block 0, async page read [ 194.198367][ T7697] Buffer I/O error on dev loop6, logical block 0, async page read [ 194.208965][ T7697] Buffer I/O error on dev loop6, logical block 0, async page read [ 194.218664][ T7697] ldm_validate_partition_table(): Disk read failed. [ 194.228060][ T7697] Buffer I/O error on dev loop6, logical block 0, async page read [ 194.239678][ T7697] Buffer I/O error on dev loop6, logical block 0, async page read [ 194.263150][ T7697] Buffer I/O error on dev loop6, logical block 0, async page read [ 194.283886][ T7697] Dev loop6: unable to read RDB block 0 [ 194.292577][ T7697] loop6: unable to read partition table [ 194.307895][ T886] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 194.310056][ T5947] usb 2-1: device descriptor read/8, error -71 [ 194.325948][ T5957] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 194.337615][ T7697] loop6: partition table beyond EOD, truncated [ 194.337784][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.350214][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.423572][ T5957] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 194.434500][ T5957] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 194.437770][ T7697] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 194.470600][ T5957] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.501904][ T7692] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 194.519671][ T5957] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 194.545499][ T5947] usb usb2-port1: unable to enumerate USB device [ 194.558229][ T886] usb 5-1: Using ep0 maxpacket: 8 [ 194.570003][ T886] usb 5-1: too many configurations: 188, using maximum allowed: 8 [ 194.589226][ T886] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 194.620848][ T886] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 194.633523][ T886] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 194.650614][ T886] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 194.670234][ T886] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 194.706384][ T886] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 194.756505][ T7692] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 194.767494][ T7692] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 194.798803][ T886] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 194.840251][ T886] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 194.878194][ T886] usb 5-1: New USB device found, idVendor=0e9c, idProduct=1b90, bcdDevice=83.00 [ 194.890037][ T886] usb 5-1: New USB device strings: Mfr=211, Product=192, SerialNumber=233 [ 194.912015][ T886] usb 5-1: Product: syz [ 194.931601][ T886] usb 5-1: Manufacturer: syz [ 195.002411][ T7692] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 195.010930][ T886] usb 5-1: SerialNumber: syz [ 195.025396][ T7692] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 195.108122][ T886] usb 5-1: config 0 descriptor?? [ 195.118634][ T5954] usb 1-1: USB disconnect, device number 23 [ 196.042240][ T7716] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 196.375363][ T5186] Bluetooth: hci2: command 0x0406 tx timeout [ 196.383653][ T5186] Bluetooth: hci0: command 0x0406 tx timeout [ 196.389847][ T5875] Bluetooth: hci4: command 0x0406 tx timeout [ 196.389911][ T5875] Bluetooth: hci3: command 0x0406 tx timeout [ 196.389945][ T5875] Bluetooth: hci1: command 0x0406 tx timeout [ 196.550212][ T7724] netlink: 8 bytes leftover after parsing attributes in process `syz.0.472'. [ 197.196350][ T5954] usb 5-1: USB disconnect, device number 21 [ 197.587756][ T7739] netlink: 60 bytes leftover after parsing attributes in process `syz.0.479'. [ 197.935255][ T24] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 198.207446][ T7749] kvm: user requested TSC rate below hardware speed [ 198.255188][ T24] usb 2-1: device descriptor read/64, error -71 [ 198.400434][ T7754] tipc: Started in network mode [ 198.408975][ T7754] tipc: Node identity ac14140f, cluster identity 4711 [ 198.441452][ T7754] tipc: New replicast peer: 255.255.255.255 [ 198.465996][ T7755] FAULT_INJECTION: forcing a failure. [ 198.465996][ T7755] name failslab, interval 1, probability 0, space 0, times 0 [ 198.485237][ T886] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 198.509915][ T24] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 198.534885][ T7754] tipc: Enabled bearer , priority 10 [ 198.564126][ T7755] CPU: 0 UID: 0 PID: 7755 Comm: syz.2.483 Not tainted syzkaller #0 PREEMPT(full) [ 198.564153][ T7755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 198.564164][ T7755] Call Trace: [ 198.564171][ T7755] [ 198.564179][ T7755] dump_stack_lvl+0x189/0x250 [ 198.564204][ T7755] ? __pfx____ratelimit+0x10/0x10 [ 198.564222][ T7755] ? __pfx_dump_stack_lvl+0x10/0x10 [ 198.564248][ T7755] ? __pfx__printk+0x10/0x10 [ 198.564270][ T7755] ? __lock_acquire+0xab9/0xd20 [ 198.564301][ T7755] should_fail_ex+0x414/0x560 [ 198.564330][ T7755] should_failslab+0xa8/0x100 [ 198.564351][ T7755] kmem_cache_alloc_noprof+0x73/0x3c0 [ 198.564364][ T7755] ? skb_clone+0x212/0x3a0 [ 198.564392][ T7755] skb_clone+0x212/0x3a0 [ 198.564406][ T7755] __netlink_deliver_tap+0x404/0x850 [ 198.564424][ T7755] ? netlink_deliver_tap+0x2e/0x1b0 [ 198.564434][ T7755] netlink_deliver_tap+0x19c/0x1b0 [ 198.564445][ T7755] netlink_unicast+0x7fa/0x9e0 [ 198.564465][ T7755] ? __pfx_netlink_unicast+0x10/0x10 [ 198.564480][ T7755] ? netlink_sendmsg+0x642/0xb30 [ 198.564489][ T7755] ? skb_put+0x11b/0x210 [ 198.564502][ T7755] netlink_sendmsg+0x805/0xb30 [ 198.564519][ T7755] ? __pfx_netlink_sendmsg+0x10/0x10 [ 198.564531][ T7755] ? aa_sock_msg_perm+0xf1/0x1d0 [ 198.564543][ T7755] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 198.564554][ T7755] ? __pfx_netlink_sendmsg+0x10/0x10 [ 198.564565][ T7755] __sock_sendmsg+0x21c/0x270 [ 198.564582][ T7755] ____sys_sendmsg+0x505/0x830 [ 198.564597][ T7755] ? __pfx_____sys_sendmsg+0x10/0x10 [ 198.564614][ T7755] ? import_iovec+0x74/0xa0 [ 198.564629][ T7755] ___sys_sendmsg+0x21f/0x2a0 [ 198.564642][ T7755] ? __pfx____sys_sendmsg+0x10/0x10 [ 198.564673][ T7755] ? __fget_files+0x2a/0x420 [ 198.564681][ T7755] ? __fget_files+0x3a0/0x420 [ 198.564695][ T7755] __x64_sys_sendmsg+0x19b/0x260 [ 198.564709][ T7755] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 198.564726][ T7755] ? __pfx_ksys_write+0x10/0x10 [ 198.564738][ T7755] ? rcu_is_watching+0x15/0xb0 [ 198.564751][ T7755] ? do_syscall_64+0xbe/0x3b0 [ 198.564769][ T7755] do_syscall_64+0xfa/0x3b0 [ 198.564779][ T7755] ? lockdep_hardirqs_on+0x9c/0x150 [ 198.564789][ T7755] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.564798][ T7755] ? clear_bhb_loop+0x60/0xb0 [ 198.564810][ T7755] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.564819][ T7755] RIP: 0033:0x7fe81638ec29 [ 198.564829][ T7755] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 198.564837][ T7755] RSP: 002b:00007fe817142038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 198.564849][ T7755] RAX: ffffffffffffffda RBX: 00007fe8165d6090 RCX: 00007fe81638ec29 [ 198.564856][ T7755] RDX: 0000000004040140 RSI: 00002000000000c0 RDI: 0000000000000003 [ 198.564862][ T7755] RBP: 00007fe817142090 R08: 0000000000000000 R09: 0000000000000000 [ 198.564869][ T7755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 198.564874][ T7755] R13: 00007fe8165d6128 R14: 00007fe8165d6090 R15: 00007fe8166ffa28 [ 198.564893][ T7755] [ 198.665676][ T24] usb 2-1: device descriptor read/64, error -71 [ 198.668464][ C0] vkms_vblank_simulate: vblank timer overrun [ 198.785436][ T24] usb usb2-port1: attempt power cycle [ 198.787006][ C0] vkms_vblank_simulate: vblank timer overrun [ 198.885451][ C0] hrtimer: interrupt took 320399790 ns [ 198.985486][ C0] vkms_vblank_simulate: vblank timer overrun [ 199.005184][ T886] usb 1-1: Using ep0 maxpacket: 32 [ 199.012546][ T886] usb 1-1: config 2 has an invalid interface number: 91 but max is 0 [ 199.022244][ T886] usb 1-1: config 2 has no interface number 0 [ 199.028395][ T886] usb 1-1: config 2 interface 91 altsetting 8 endpoint 0xB has invalid maxpacket 1023, setting to 64 [ 199.039260][ T886] usb 1-1: config 2 interface 91 has no altsetting 0 [ 199.057741][ T886] usb 1-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=98.5f [ 199.067076][ T886] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.075115][ T886] usb 1-1: Product: syz [ 199.079269][ T886] usb 1-1: Manufacturer: syz [ 199.083839][ T886] usb 1-1: SerialNumber: syz [ 199.309883][ T886] vmk80xx 1-1:2.91: driver 'vmk80xx' failed to auto-configure device. [ 199.355355][ T886] usb 1-1: USB disconnect, device number 24 [ 199.445963][ T24] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 199.489475][ T24] usb 2-1: device descriptor read/8, error -71 [ 199.625206][ T5957] usb 3-1: new full-speed USB device number 27 using dummy_hcd [ 199.655313][ T43] tipc: Node number set to 2886997007 [ 199.735385][ T24] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 199.755736][ T24] usb 2-1: device descriptor read/8, error -71 [ 199.787846][ T5957] usb 3-1: config index 0 descriptor too short (expected 69, got 36) [ 199.796085][ T5957] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 199.806396][ T5957] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 199.817637][ T5957] usb 3-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89 [ 199.826891][ T5957] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.834942][ T5957] usb 3-1: Product: syz [ 199.839346][ T5957] usb 3-1: Manufacturer: syz [ 199.843962][ T5957] usb 3-1: SerialNumber: syz [ 199.852773][ T5957] usb 3-1: config 0 descriptor?? [ 199.866078][ T24] usb usb2-port1: unable to enumerate USB device [ 200.062661][ T5957] usb 3-1: USB disconnect, device number 27 [ 200.616984][ T7780] netlink: 60 bytes leftover after parsing attributes in process `syz.2.491'. [ 201.415918][ T5865] Bluetooth: hci2: command 0x0406 tx timeout [ 201.496199][ T5874] Bluetooth: hci0: command 0x0406 tx timeout [ 201.507750][ T7769] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 202.249954][ T7769] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 202.264359][ T7769] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 202.270482][ T7769] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 202.279600][ T7769] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 202.286978][ T7769] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 202.299079][ T7769] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 202.306154][ T7769] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 202.315529][ T7769] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 202.321552][ T7769] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 202.572649][ T7795] netlink: 64 bytes leftover after parsing attributes in process `syz.4.497'. [ 202.605200][ T24] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 202.779243][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 202.800429][ T24] usb 1-1: config index 0 descriptor too short (expected 30, got 18) [ 202.818215][ T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 202.842832][ T24] usb 1-1: config 0 has no interfaces? [ 202.863044][ T24] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 202.893611][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.904172][ T24] usb 1-1: Product: syz [ 202.908985][ T24] usb 1-1: Manufacturer: syz [ 202.913717][ T24] usb 1-1: SerialNumber: syz [ 202.955421][ T9] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 202.964613][ T24] usb 1-1: config 0 descriptor?? [ 203.075398][ T24] usb 1-1: USB disconnect, device number 25 [ 203.105239][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 203.112485][ T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 203.153393][ T9] usb 5-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 203.179620][ T9] usb 5-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 203.282669][ T9] usb 5-1: Product: syz [ 203.287736][ T7814] netlink: 60 bytes leftover after parsing attributes in process `syz.0.503'. [ 203.305403][ T9] usb 5-1: Manufacturer: syz [ 203.310286][ T9] usb 5-1: SerialNumber: syz [ 203.315685][ T7792] netlink: 24 bytes leftover after parsing attributes in process `syz.1.496'. [ 203.538839][ T9] usb 5-1: palm_os_3_probe - error -71 getting connection information [ 203.560321][ T9] visor 5-1:1.0: probe with driver visor failed with error -71 [ 203.576263][ T5874] Bluetooth: hci0: command 0x0406 tx timeout [ 203.603575][ T9] usb 5-1: USB disconnect, device number 22 [ 204.295524][ T5874] Bluetooth: hci4: command 0x0406 tx timeout [ 204.301621][ T5874] Bluetooth: hci1: command 0x0406 tx timeout [ 204.375253][ T5865] Bluetooth: hci2: command 0x0406 tx timeout [ 204.381363][ T5874] Bluetooth: hci3: command 0x0406 tx timeout [ 204.560950][ T7828] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 204.627002][ T7831] FAULT_INJECTION: forcing a failure. [ 204.627002][ T7831] name failslab, interval 1, probability 0, space 0, times 0 [ 204.665270][ T7831] CPU: 1 UID: 0 PID: 7831 Comm: syz.2.508 Not tainted syzkaller #0 PREEMPT(full) [ 204.665309][ T7831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 204.665319][ T7831] Call Trace: [ 204.665327][ T7831] [ 204.665335][ T7831] dump_stack_lvl+0x189/0x250 [ 204.665360][ T7831] ? __pfx____ratelimit+0x10/0x10 [ 204.665380][ T7831] ? __pfx_dump_stack_lvl+0x10/0x10 [ 204.665400][ T7831] ? __pfx__printk+0x10/0x10 [ 204.665424][ T7831] ? __pfx___might_resched+0x10/0x10 [ 204.665441][ T7831] ? fs_reclaim_acquire+0x7d/0x100 [ 204.665463][ T7831] should_fail_ex+0x414/0x560 [ 204.665491][ T7831] should_failslab+0xa8/0x100 [ 204.665515][ T7831] __kmalloc_noprof+0xcb/0x4f0 [ 204.665535][ T7831] ? tomoyo_encode+0x28b/0x550 [ 204.665558][ T7831] tomoyo_encode+0x28b/0x550 [ 204.665582][ T7831] tomoyo_realpath_from_path+0x58d/0x5d0 [ 204.665602][ T7831] ? tomoyo_domain+0xd9/0x130 [ 204.665624][ T7831] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 204.665646][ T7831] tomoyo_path_number_perm+0x1e8/0x5a0 [ 204.665671][ T7831] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 204.665712][ T7831] ? __lock_acquire+0xab9/0xd20 [ 204.665754][ T7831] ? __fget_files+0x2a/0x420 [ 204.665774][ T7831] ? __fget_files+0x2a/0x420 [ 204.665787][ T7831] ? __fget_files+0x3a0/0x420 [ 204.665802][ T7831] ? __fget_files+0x2a/0x420 [ 204.665821][ T7831] security_file_ioctl+0xcb/0x2d0 [ 204.665846][ T7831] __se_sys_ioctl+0x47/0x170 [ 204.665868][ T7831] do_syscall_64+0xfa/0x3b0 [ 204.665893][ T7831] ? lockdep_hardirqs_on+0x9c/0x150 [ 204.665911][ T7831] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.665928][ T7831] ? clear_bhb_loop+0x60/0xb0 [ 204.665949][ T7831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.665965][ T7831] RIP: 0033:0x7fe81638ec29 [ 204.665981][ T7831] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 204.665996][ T7831] RSP: 002b:00007fe817142038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 204.666015][ T7831] RAX: ffffffffffffffda RBX: 00007fe8165d6090 RCX: 00007fe81638ec29 [ 204.666028][ T7831] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 204.666039][ T7831] RBP: 00007fe817142090 R08: 0000000000000000 R09: 0000000000000000 [ 204.666050][ T7831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 204.666061][ T7831] R13: 00007fe8165d6128 R14: 00007fe8165d6090 R15: 00007fe8166ffa28 [ 204.666090][ T7831] [ 204.666112][ T7831] ERROR: Out of memory at tomoyo_realpath_from_path. [ 204.765217][ T5957] usb 4-1: new low-speed USB device number 29 using dummy_hcd [ 205.185289][ T7843] netlink: 24 bytes leftover after parsing attributes in process `syz.4.512'. [ 205.377376][ T5957] usb 4-1: No LPM exit latency info found, disabling LPM. [ 205.392529][ T5957] usb 4-1: config 0 has an invalid interface number: 0 but max is -1 [ 205.421337][ T5957] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 205.485534][ T5957] usb 4-1: string descriptor 0 read error: -22 [ 205.616043][ T5957] usb 4-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d [ 205.648691][ T5957] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 205.941124][ T7857] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 205.966478][ T5957] usb 4-1: config 0 descriptor?? [ 206.048020][ T7859] netlink: 'syz.1.515': attribute type 8 has an invalid length. [ 206.145223][ T7859] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 206.380866][ T5874] Bluetooth: hci1: command 0x0406 tx timeout [ 206.384944][ T5865] Bluetooth: hci4: command 0x0406 tx timeout [ 206.455218][ T5865] Bluetooth: hci3: command 0x0406 tx timeout [ 206.461390][ T5865] Bluetooth: hci2: command 0x0406 tx timeout [ 206.685202][ T5871] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 206.859249][ T5871] usb 1-1: Using ep0 maxpacket: 8 [ 206.865884][ T5871] usb 1-1: too many configurations: 188, using maximum allowed: 8 [ 206.878380][ T5957] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware [ 206.940069][ T5871] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 206.999885][ T5871] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 207.019144][ T5871] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 207.039584][ T5871] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 207.057439][ T5871] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 207.092638][ T5871] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 207.114860][ T5871] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 207.150764][ T5871] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 207.162381][ T5957] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 207.189127][ T5871] usb 1-1: New USB device found, idVendor=0e9c, idProduct=1b90, bcdDevice=83.00 [ 207.212850][ T5957] dib0700: firmware download failed at 7 with -22 [ 207.222538][ T5871] usb 1-1: New USB device strings: Mfr=211, Product=192, SerialNumber=233 [ 207.262838][ T5871] usb 1-1: Product: syz [ 207.277080][ T5957] usb 4-1: USB disconnect, device number 29 [ 207.295801][ T5871] usb 1-1: Manufacturer: syz [ 207.317184][ T5871] usb 1-1: SerialNumber: syz [ 207.334992][ T5871] usb 1-1: config 0 descriptor?? [ 207.351575][ T7873] netlink: 4 bytes leftover after parsing attributes in process `syz.1.519'. [ 207.614696][ T5957] usb 4-1: new full-speed USB device number 30 using dummy_hcd [ 207.817925][ T5957] usb 4-1: config 0 has an invalid interface number: 113 but max is 0 [ 207.830973][ T5957] usb 4-1: config 0 has no interface number 0 [ 207.860270][ T5957] usb 4-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0xE7, changing to 0x87 [ 207.880158][ T5957] usb 4-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 207.893862][ T5957] usb 4-1: config 0 interface 113 has no altsetting 0 [ 207.907963][ T5957] usb 4-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 207.920767][ T5957] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.931531][ T5957] usb 4-1: Product: syz [ 207.939326][ T5957] usb 4-1: Manufacturer: syz [ 207.944133][ T5957] usb 4-1: SerialNumber: syz [ 207.952190][ T5957] usb 4-1: config 0 descriptor?? [ 207.968910][ T5957] pn533_usb 4-1:0.113: NFC: Could not find bulk-in or bulk-out endpoint [ 208.015204][ T886] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 208.118094][ T7888] netlink: 24 bytes leftover after parsing attributes in process `syz.4.526'. [ 208.167535][ T886] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 208.205249][ T886] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 208.220002][ T886] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 208.229537][ T886] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.245763][ T886] usb 3-1: config 0 descriptor?? [ 208.272638][ T7871] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 208.314630][ T7871] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 208.340400][ T5957] usb 4-1: USB disconnect, device number 30 [ 208.694469][ T886] cp2112 0003:10C4:EA90.0006: unknown main item tag 0x0 [ 208.713657][ T886] cp2112 0003:10C4:EA90.0006: unknown main item tag 0x0 [ 208.723158][ T886] cp2112 0003:10C4:EA90.0006: unknown main item tag 0x0 [ 208.741944][ T886] cp2112 0003:10C4:EA90.0006: unknown main item tag 0x0 [ 208.753998][ T886] cp2112 0003:10C4:EA90.0006: unknown main item tag 0x0 [ 208.775674][ T886] cp2112 0003:10C4:EA90.0006: unknown main item tag 0x0 [ 208.792345][ T5871] usb 1-1: USB disconnect, device number 26 [ 208.809749][ T886] cp2112 0003:10C4:EA90.0006: unknown main item tag 0x0 [ 208.824342][ T886] cp2112 0003:10C4:EA90.0006: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0 [ 208.936205][ T886] cp2112 0003:10C4:EA90.0006: Part Number: 0x00 Device Version: 0x00 [ 209.000383][ T7900] netlink: 8 bytes leftover after parsing attributes in process `syz.0.530'. [ 209.542440][ T7882] ================================================================== [ 209.550534][ T7882] BUG: KASAN: stack-out-of-bounds in cp2112_xfer+0x6c3/0xf10 [ 209.557896][ T7882] Read of size 35 at addr ffffc9000c107d20 by task syz.2.523/7882 [ 209.565680][ T7882] [ 209.567995][ T7882] CPU: 0 UID: 0 PID: 7882 Comm: syz.2.523 Not tainted syzkaller #0 PREEMPT(full) [ 209.568009][ T7882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 209.568016][ T7882] Call Trace: [ 209.568022][ T7882] [ 209.568027][ T7882] dump_stack_lvl+0x189/0x250 [ 209.568042][ T7882] ? cp2112_xfer+0x6c3/0xf10 [ 209.568053][ T7882] ? __pfx_dump_stack_lvl+0x10/0x10 [ 209.568064][ T7882] ? __pfx__printk+0x10/0x10 [ 209.568078][ T7882] ? __virt_addr_valid+0xdc/0x5c0 [ 209.568091][ T7882] ? __virt_addr_valid+0xdc/0x5c0 [ 209.568103][ T7882] print_report+0xca/0x240 [ 209.568112][ T7882] ? cp2112_xfer+0x6c3/0xf10 [ 209.568120][ T7882] kasan_report+0x118/0x150 [ 209.568135][ T7882] ? cp2112_xfer+0x6c3/0xf10 [ 209.568145][ T7882] kasan_check_range+0x2b0/0x2c0 [ 209.568158][ T7882] ? cp2112_xfer+0x6c3/0xf10 [ 209.568167][ T7882] __asan_memcpy+0x29/0x70 [ 209.568178][ T7882] cp2112_xfer+0x6c3/0xf10 [ 209.568188][ T7882] ? __pfx_cp2112_xfer+0x10/0x10 [ 209.568199][ T7882] ? kasan_save_track+0x4f/0x80 [ 209.568210][ T7882] ? kasan_save_track+0x3e/0x80 [ 209.568221][ T7882] ? kasan_save_free_info+0x46/0x50 [ 209.568230][ T7882] ? do_syscall_64+0xe0/0x3b0 [ 209.568242][ T7882] __i2c_smbus_xfer+0x5b3/0x1e50 [ 209.568255][ T7882] ? __lock_acquire+0xab9/0xd20 [ 209.568268][ T7882] ? __pfx_cp2112_xfer+0x10/0x10 [ 209.568280][ T7882] ? __pfx___i2c_smbus_xfer+0x10/0x10 [ 209.568293][ T7882] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 209.568308][ T7882] ? lockdep_hardirqs_on+0x9c/0x150 [ 209.568317][ T7882] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 209.568331][ T7882] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 209.568347][ T7882] ? rt_mutex_lock_nested+0x15e/0x1e0 [ 209.568359][ T7882] i2c_smbus_xfer+0x275/0x3c0 [ 209.568372][ T7882] ? __pfx_i2c_smbus_xfer+0x10/0x10 [ 209.568385][ T7882] i2cdev_ioctl_smbus+0x43d/0x6d0 [ 209.568398][ T7882] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10 [ 209.568411][ T7882] i2cdev_ioctl+0x5d3/0x7f0 [ 209.568434][ T7882] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 209.568444][ T7882] ? __fget_files+0x2a/0x420 [ 209.568453][ T7882] ? __fget_files+0x3a0/0x420 [ 209.568462][ T7882] ? bpf_lsm_file_ioctl+0x9/0x20 [ 209.568475][ T7882] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 209.568484][ T7882] __se_sys_ioctl+0xfc/0x170 [ 209.568496][ T7882] do_syscall_64+0xfa/0x3b0 [ 209.568505][ T7882] ? lockdep_hardirqs_on+0x9c/0x150 [ 209.568514][ T7882] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.568523][ T7882] ? clear_bhb_loop+0x60/0xb0 [ 209.568533][ T7882] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.568542][ T7882] RIP: 0033:0x7fe81638ec29 [ 209.568552][ T7882] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 209.568560][ T7882] RSP: 002b:00007fe817163038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 209.568571][ T7882] RAX: ffffffffffffffda RBX: 00007fe8165d5fa0 RCX: 00007fe81638ec29 [ 209.568578][ T7882] RDX: 0000200000000180 RSI: 0000000000000720 RDI: 0000000000000005 [ 209.568585][ T7882] RBP: 00007fe816411e41 R08: 0000000000000000 R09: 0000000000000000 [ 209.568591][ T7882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 209.568596][ T7882] R13: 00007fe8165d6038 R14: 00007fe8165d5fa0 R15: 00007fe8166ffa28 [ 209.568607][ T7882] [ 209.568610][ T7882] [ 209.889162][ T7882] The buggy address belongs to stack of task syz.2.523/7882 [ 209.896420][ T7882] and is located at offset 32 in frame: [ 209.902031][ T7882] i2cdev_ioctl_smbus+0x0/0x6d0 [ 209.906895][ T7882] [ 209.909199][ T7882] This frame has 1 object: [ 209.913678][ T7882] [32, 66) 'temp' [ 209.913686][ T7882] [ 209.919677][ T7882] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc9000c100000 allocated at copy_process+0x54b/0x3c00 [ 209.932598][ T7882] The buggy address belongs to the physical page: [ 209.939001][ T7882] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x4e4bd pfn:0x4e1d7 [ 209.948099][ T7882] memcg:ffff8880275a5d02 [ 209.952340][ T7882] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 209.959450][ T7882] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 209.968014][ T7882] raw: 000000000004e4bd 0000000000000000 00000001ffffffff ffff8880275a5d02 [ 209.976574][ T7882] page dumped because: kasan: bad access detected [ 209.982968][ T7882] page_owner tracks the page as allocated [ 209.988673][ T7882] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 7801, tgid 7801 (syz.2.500), ts 202753531885, free_ts 198554229382 [ 210.007761][ T7882] post_alloc_hook+0x240/0x2a0 [ 210.012549][ T7882] get_page_from_freelist+0x21e4/0x22c0 [ 210.018076][ T7882] __alloc_frozen_pages_noprof+0x181/0x370 [ 210.023863][ T7882] alloc_pages_mpol+0x232/0x4a0 [ 210.028696][ T7882] alloc_pages_noprof+0xa9/0x190 [ 210.033615][ T7882] __vmalloc_node_range_noprof+0x97d/0x12f0 [ 210.039495][ T7882] __vmalloc_node_noprof+0xc2/0x110 [ 210.044680][ T7882] dup_task_struct+0x3e7/0x860 [ 210.049420][ T7882] copy_process+0x54b/0x3c00 [ 210.053988][ T7882] kernel_clone+0x21e/0x840 [ 210.058470][ T7882] __se_sys_clone3+0x256/0x2d0 [ 210.063227][ T7882] do_syscall_64+0xfa/0x3b0 [ 210.067707][ T7882] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.073575][ T7882] page last free pid 7736 tgid 7735 stack trace: [ 210.079878][ T7882] free_unref_folios+0xdbd/0x1520 [ 210.084887][ T7882] folios_put_refs+0x559/0x640 [ 210.089673][ T7882] truncate_inode_pages_range+0x346/0xda0 [ 210.095377][ T7882] blkdev_flush_mapping+0x108/0x270 [ 210.100557][ T7882] bdev_release+0x417/0x650 [ 210.105037][ T7882] blkdev_release+0x15/0x20 [ 210.109535][ T7882] __fput+0x44c/0xa70 [ 210.113513][ T7882] task_work_run+0x1d1/0x260 [ 210.118088][ T7882] do_exit+0x6b5/0x2300 [ 210.122242][ T7882] do_group_exit+0x21c/0x2d0 [ 210.126889][ T7882] get_signal+0x1286/0x1340 [ 210.131393][ T7882] arch_do_signal_or_restart+0x9a/0x750 [ 210.136926][ T7882] exit_to_user_mode_loop+0x75/0x110 [ 210.142195][ T7882] do_syscall_64+0x2bd/0x3b0 [ 210.146765][ T7882] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.152653][ T7882] [ 210.154965][ T7882] Memory state around the buggy address: [ 210.160578][ T7882] ffffc9000c107c00: 00 00 00 00 f1 f1 f1 f1 00 f3 f3 f3 00 00 00 00 [ 210.168705][ T7882] ffffc9000c107c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 210.176747][ T7882] >ffffc9000c107d00: f1 f1 f1 f1 00 00 00 00 02 f3 f3 f3 f3 f3 f3 f3 [ 210.184809][ T7882] ^ [ 210.191037][ T7882] ffffc9000c107d80: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 [ 210.199167][ T7882] ffffc9000c107e00: 04 f2 00 00 f2 f2 00 00 f3 f3 f3 f3 00 00 00 00 [ 210.207226][ T7882] ================================================================== [ 210.285329][ T7882] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 210.292570][ T7882] CPU: 1 UID: 0 PID: 7882 Comm: syz.2.523 Not tainted syzkaller #0 PREEMPT(full) [ 210.301774][ T7882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 210.311923][ T7882] Call Trace: [ 210.315207][ T7882] [ 210.318137][ T7882] dump_stack_lvl+0x99/0x250 [ 210.322727][ T7882] ? __asan_memcpy+0x40/0x70 [ 210.327313][ T7882] ? __pfx_dump_stack_lvl+0x10/0x10 [ 210.332514][ T7882] ? __pfx__printk+0x10/0x10 [ 210.337129][ T7882] vpanic+0x281/0x750 [ 210.342333][ T7882] ? preempt_schedule+0xae/0xc0 [ 210.348541][ T7882] ? __pfx_vpanic+0x10/0x10 [ 210.353056][ T7882] ? preempt_schedule_common+0x83/0xd0 [ 210.358530][ T7882] ? preempt_schedule+0xae/0xc0 [ 210.363415][ T7882] ? __pfx_preempt_schedule+0x10/0x10 [ 210.368812][ T7882] panic+0xb9/0xc0 [ 210.372553][ T7882] ? __pfx_panic+0x10/0x10 [ 210.376980][ T7882] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 210.382895][ T7882] ? cp2112_xfer+0x6c3/0xf10 [ 210.387496][ T7882] check_panic_on_warn+0x89/0xb0 [ 210.392450][ T7882] ? cp2112_xfer+0x6c3/0xf10 [ 210.397049][ T7882] end_report+0x78/0x160 [ 210.401319][ T7882] kasan_report+0x129/0x150 [ 210.405825][ T7882] ? cp2112_xfer+0x6c3/0xf10 [ 210.410426][ T7882] kasan_check_range+0x2b0/0x2c0 [ 210.415363][ T7882] ? cp2112_xfer+0x6c3/0xf10 [ 210.419952][ T7882] __asan_memcpy+0x29/0x70 [ 210.424368][ T7882] cp2112_xfer+0x6c3/0xf10 [ 210.428800][ T7882] ? __pfx_cp2112_xfer+0x10/0x10 [ 210.433758][ T7882] ? kasan_save_track+0x4f/0x80 [ 210.438612][ T7882] ? kasan_save_track+0x3e/0x80 [ 210.443456][ T7882] ? kasan_save_free_info+0x46/0x50 [ 210.448640][ T7882] ? do_syscall_64+0xe0/0x3b0 [ 210.453331][ T7882] __i2c_smbus_xfer+0x5b3/0x1e50 [ 210.458263][ T7882] ? __lock_acquire+0xab9/0xd20 [ 210.463114][ T7882] ? __pfx_cp2112_xfer+0x10/0x10 [ 210.468068][ T7882] ? __pfx___i2c_smbus_xfer+0x10/0x10 [ 210.473428][ T7882] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 210.479364][ T7882] ? lockdep_hardirqs_on+0x9c/0x150 [ 210.484554][ T7882] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 210.490445][ T7882] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 210.496790][ T7882] ? rt_mutex_lock_nested+0x15e/0x1e0 [ 210.502249][ T7882] i2c_smbus_xfer+0x275/0x3c0 [ 210.507010][ T7882] ? __pfx_i2c_smbus_xfer+0x10/0x10 [ 210.512203][ T7882] i2cdev_ioctl_smbus+0x43d/0x6d0 [ 210.517221][ T7882] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10 [ 210.522761][ T7882] i2cdev_ioctl+0x5d3/0x7f0 [ 210.527257][ T7882] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 210.532270][ T7882] ? __fget_files+0x2a/0x420 [ 210.536845][ T7882] ? __fget_files+0x3a0/0x420 [ 210.541507][ T7882] ? bpf_lsm_file_ioctl+0x9/0x20 [ 210.546439][ T7882] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 210.551451][ T7882] __se_sys_ioctl+0xfc/0x170 [ 210.556029][ T7882] do_syscall_64+0xfa/0x3b0 [ 210.560521][ T7882] ? lockdep_hardirqs_on+0x9c/0x150 [ 210.565714][ T7882] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.574536][ T7882] ? clear_bhb_loop+0x60/0xb0 [ 210.582274][ T7882] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.588173][ T7882] RIP: 0033:0x7fe81638ec29 [ 210.592581][ T7882] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 210.612528][ T7882] RSP: 002b:00007fe817163038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 210.620948][ T7882] RAX: ffffffffffffffda RBX: 00007fe8165d5fa0 RCX: 00007fe81638ec29 [ 210.629013][ T7882] RDX: 0000200000000180 RSI: 0000000000000720 RDI: 0000000000000005 [ 210.636992][ T7882] RBP: 00007fe816411e41 R08: 0000000000000000 R09: 0000000000000000 [ 210.644976][ T7882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 210.652945][ T7882] R13: 00007fe8165d6038 R14: 00007fe8165d5fa0 R15: 00007fe8166ffa28 [ 210.660922][ T7882] [ 210.664205][ T7882] Kernel Offset: disabled [ 210.668523][ T7882] Rebooting in 86400 seconds..